SPECIAL REPORTS RELATING TO THE
FEDERAL EMPLOYEES' COMPENSATION ACT
SPECIAL BENEFIT FUND

APRIL 30, 2003 AND SEPTEMBER 30, 2003

U.S. Department of Labor
Office of Inspector General
Report Number: 22-04-001-04-431
Date Issued: October 17, 2003

Table of Contents

Acronyms

1.   A. Independent Auditors' Report on the Schedule of Actuarial Liability,
            Net Intra-Governmental Accounts Receivable and Benefit Expense

     B. Schedule of Actuarial Liability, Net Intra-Governmental Accounts
            Receivable and Benefit Expense

2.   A. Independent Accountants' Report on Applying Agreed-Upon Procedures

     B. Schedules
           Schedule of Actuarial Liability by Agency
           Schedule of Net Intra-Governmental Accounts Receivable by Agency
           Schedule of Benefit Expense by Agency

     C. Agreed-Upon Procedures and Results
           Summary
           Actuarial Liability
           Net Intra-Governmental Accounts Receivable
           Benefit Expense

3.   A. Independent Service Auditors' Report

     B. Division of Federal Employees' Compensation’s Controls
           Overview of Services Provided
           Overview of Control Environment
           Overview of Transaction Processing
           Overview of Computer Information Systems
           Control Objectives and Related Controls
           User Control Considerations

     C. Information Provided by the Service Auditor
           Tests of Control Environment Elements
           Test of General Computer Controls
           Sampling Methodology
           Control Objectives, Related Controls,
               and Tests of Controls
           General Computer Controls
           Transaction Processing Controls

Acronyms

ACPS      Automated Compensation Payment System
ADP       Automatic Data Processing
BPS       Bill Payment System
BLS       Bureau of Labor Statistics
CBS       Chargeback System
CE        Claims Examiner
CFO       Chief Financial Officer
CFR       Code of Federal Regulations
CMF       Case Management File System
CNS       Corporation for National and Community Service
COLA      Cost of Living Adjustment
COP       Continuation of Pay
CPI       Consumer Price Index
CPI-U     Consumer Price Index for all Urban Consumers
CPI-Med   Consumer Price Index for Medical
DBMS      Database Management Systems
DCE       Designated Claims Examiner
DD        District Director
DFEC      Division of Federal Employees' Compensation
DHS       U.S. Department of Homeland Security
DIRM      Directorate of Information Resource Management
DITMS     Division of Information Technology Management and Services
DMA       District Medical Advisor
DMD       District Medical Director
DMS       Debt Management System
DO        District Office
DOJ       U.S. Department of Justice
DOL       U.S. Department of Labor
DOLAR$    Department of Labor Accounting and Related Systems
DOT       U.S. Department of Transportation
DPPS      Division of Planning, Policy and Standards
DRP       Disaster Recovery Plan
EDP       Electronic Data Processing
EOP       Executive Office of the President
EPA       Environmental Protection Agency
ESA       Employment Standards Administration
FECA      Federal Employees' Compensation Act
FECS      Federal Employees’ Compensation Systems
FEMA      Federal Emergency Management Agency
FISCAM    Federal Information System Controls Audit Manual
FMFIA     Federal Managers' Financial Integrity Act
GSA       General Services Administration
HBI       Health Benefit Insurance
HHS       U.S. Department of Health and Human Services
HUD       U.S. Department of Housing and Urban Development
IBNR      Incurred But Not Reported
IPAC      Intra-Governmental Payment and Collection
IPL       Initial Program Load
IS        Information Systems
LBP       Liability to Benefits Paid (ratio)
LWEC      Loss of Wage Earning Capacity
NASA      National Aeronautics and Space Administration
NRC       Nuclear Regulatory Commission
NSF       National Science Foundation
OIG       Office of Inspector General
OLI       Optional Life Insurance
OMAP      Office of Management Administration, and Planning
OMB       Office of Management and Budget
OPM       Office of Personnel Management
OWCP      Office of Workers' Compensation Programs
RS        Rehabilitation Specialist
SAS 70    Statement on Auditing Standards, Number 70
SBA       Small Business Administration
SCE       Senior Claims Examiner
SDLC      System Development Life Cycle
SFFAS     Statement of Federal Financial Accounting Standards
SOL       Solicitor of Labor
SSA       Social Security Administration
SunGard   SunGard eSourcing, Inc.
TTD       Temporary Total Disability
U.S.C.    United States Code
USAID     U.S. Agency for International Development
USPS      United States Postal Service
VA        U.S. Department of Veterans Affairs

8403 Colesville Road, Suite 340 Silver Spring, Maryland 20910-3367
(301) 585-7990     FAX (301) 585-7975 www.mdocpa.com

SECTION 1A
Independent Auditors’ Report on the
Schedule of Actuarial Liability, Net Intra-Governmental
Accounts Receivable and Benefit Expenses

Victoria A. Lipnic, Assistant Secretary
Employment Standards Administration, U.S. Department of Labor,
General Accounting Office, Office of Management and Budget and Other Specified Agencies:

We have audited the accompanying Schedule of Actuarial Liability, Net Intra-Governmental
Accounts Receivable and Benefit Expense (the Schedule) of the Federal Employees' Compensation
Act Special Benefit Fund as of and for the year ended September 30, 2003. This schedule is the
responsibility of the U.S. Department of Labor's management. Our responsibility is to express an
opinion on this schedule based on our audit.

We conducted our audit in accordance with auditing standards generally accepted in the United
States of America, and the standards applicable to financial audits contained in Government Auditing
Standards, issued by the Comptroller General of the United States. Those standards require that we
plan and perform the audit to obtain reasonable assurance about whether the Schedule of Actuarial
Liability, Net Intra-Governmental Accounts Receivable and Benefit Expense is free of material
misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and
disclosures in the Schedule of Actuarial Liability, Net Intra-Governmental Accounts Receivable and
Benefit Expense. An audit also includes assessing the accounting principles used and significant
estimates made by management, as well as evaluating the overall schedule presentation.
We believe that our audit provides a reasonable basis for our opinion.

In our opinion, the Schedule of Actuarial Liability, Net Intra-Governmental Accounts Receivable and
Benefit Expense referred to above presents fairly, in all material respects, the actuarial liability, net
intra-governmental accounts receivable and benefit expense of the Federal Employees' Compensation
Act Special Benefit Fund as of and for the year ended September 30, 2003, in conformity with
accounting principles generally accepted in the United States of America.

This report is intended solely for the information and use of the U.S. Department of Labor, General
Accounting Office, Office of Management and Budget and those Federal agencies listed in Section
2B of this report and is not intended to be and should not be used by anyone other than these
specified parties.

October 8, 2003

Affiliated Offices Worldwide

SECTION 1B
U.S. Department of Labor
Federal Employees’ Compensation Act Special Benefit Fund
Schedule of Actuarial Liability, Net Intra-Governmental
Accounts Receivable and Benefit Expense
As of and For the Year Ended September 30, 2003

                                                   (Dollars in
                                                    Thousands)

Actuarial Liability                               $ 27,054,053
Net Intra-Governmental Accounts Receivable        $  3,577,376
Benefit Expense                                   $  4,583,324

See independent auditors' report and accompanying notes to this financial schedule.

SECTION 1C
Notes to the Schedule of Actuarial Liability, Net Intra-Governmental
Accounts Receivable and Benefit Expense
As of and For the year ended September 30, 2003

1.   Significant Accounting Policies

     a.   Basis of Presentation

     This schedule has been prepared to report the actuarial liability, net intra-governmental
     accounts receivable and benefit expense of the Federal Employees' Compensation Act (FECA)
     Special Benefit Fund. The Special Benefit Fund was established by the Federal Employees'
     Compensation Act to provide for the financial needs resulting from compensation and medical
     benefits authorized under the Act. The U.S. Department of Labor (DOL), Employment
     Standards Administration (ESA) is charged with the responsibility of operating the Special
     Benefit Fund under the provisions of the Act.
     The schedule has been prepared from the accounting records of the Special Benefit Fund.

     The actuarial liability, net intra-governmental accounts receivable and benefit expense of the
     Special Benefit Fund have been considered specified accounts for the purpose of this special
     report and have been reported thereon. ESA is responsible for providing annual data to the
     CFO Act and other specified agencies. ESA's annual data is defined as the actuarial liability of
     the Special Benefit Fund. This annual data is necessary for the CFO Act and other specified
     agencies to support and prepare their respective financial statements.

     The actuarial liability for future workers' compensation benefits is an accrued estimate as of
     September 30, 2003. The net intra-governmental accounts receivable is the amount due from
     Federal agencies for benefit payments paid to employees of the employing agency. The net
     intra-governmental accounts receivable includes amounts which were billed to the employing
     agencies through June 30, 2003, but not paid as of September 30, 2003, including prior years,
     if applicable, plus the accrued receivable for benefit payments not yet billed for the period
     July 1, 2003 through September 30, 2003, less credits due from the public. Benefit expense
     consists of benefits paid and accrued for the period from October 1, 2002 to September 30,
     2003, plus the net change in the actuarial liability for the year.

     Benefit payments are intended to provide income and medical cost protection to covered
     Federal civilian employees injured on the job, employees who have incurred a work-related
     occupational disease and beneficiaries of employees whose death is attributable to job-related
     injury or occupational disease. The actuarial liability is computed from the benefits paid
     history.
     The benefits paid, inflation and interest rate assumptions, and other economic factors
     are applied to the actuarial model that calculates the liability estimate.

     b.   Basis of Accounting

     The accounting and reporting policies of the Federal Employees' Compensation Act Special
     Benefit Fund relating to the Schedule conform to accounting principles generally accepted in
     the United States of America.

     Statement of Federal Financial Accounting Standards (SFFAS) Number 5, Section 38,
     Accounting for Liabilities of the Federal Government, requires that a contingent liability be
     recognized when three conditions are met. First, a past event or exchange transaction has
     occurred. Second, a future outflow or other sacrifice of resources is probable. Finally, the
     future outflow or sacrifice of resources is measurable.

     Claims that have been incurred but not reported (IBNR) are included in the actuarial liability.
     Therefore, the actuarial liability represents the estimated present value of future compensation
     and medical payments based upon approved claims, plus a component for incurred but not
     reported claims.

2.   Actuarial Liability (Future Workers’ Compensation Benefits)

     The Special Benefit Fund was established under the authority of the Federal Employees'
     Compensation Act to provide income and medical cost protection to covered Federal civilian
     employees injured on the job, employees who have incurred a work-related occupational
     disease and beneficiaries of employees whose death is attributable to a job-related injury or
     occupational disease. The fund is reimbursed by other Federal agencies for the FECA benefit
     payments made on behalf of their workers.

     The actuarial liability for future workers’ compensation reported on the schedule includes the
     expected liability for death, disability, medical and miscellaneous costs for approved cases.
     The liability is determined using a method that utilizes historical benefit payment patterns
     related to a specific incurred period to predict the ultimate payments related to that period.

     Consistent with past practice, these projected annual benefit payments have been discounted to
     present value using the Office of Management and Budget's (OMB) economic assumptions for
     10-year Treasury notes and bonds. The interest rate assumptions utilized for discounting were
     3.84% in year 1 and 4.35% thereafter.

     To provide more specifically for the effects of inflation on the liability for future workers'
     compensation benefits, wage inflation factors (cost of living adjustment or COLA) and
     medical inflation factors (consumer price index-medical or CPI-Med) are applied to the
     calculation of projected future benefits. These factors are also used to adjust the historical
     payments to current year constant dollars.
     The liability is determined assuming an annual payment at mid-year.

     The compensation COLA and the CPI-Med used in the model's calculation of estimates were
     as follows:

          FY        COLA      CPI-Med
          2004      2.30%     3.21%
          2005      2.00%     3.54%
          2006      1.83%     3.64%
          2007      1.97%     3.80%
          2008      2.17%     3.92%

     The medical inflation rates presented represent an average of published quarterly rates
     covering the benefit payment fiscal year. The compensation factors presented are the blended
     rates used by the model rather than the published June 4, 2003, FECA-COLA factor from
     which the blended rates are derived.

3.   Net Intra-Governmental Accounts Receivable

     Net intra-governmental accounts receivable is the total of the amounts billed to Federal
     agencies through June 30, 2003, but had not been paid as of September 30, 2003, including
     prior year’s amounts billed, if applicable, plus the accrued receivable for benefit payments not
     yet billed for the period July 1, 2003, through September 30, 2003, less applicable credits.
     The Special Benefit Fund also receives an appropriation for special cases where employing
     agencies and older cases are not charged for benefit payments.

     Each Federal agency is required by the Federal Employees’ Compensation Act to include in
     their annual budget estimate a request for an appropriation in the amount equal to the agency
     cost. Agencies not receiving an appropriation are required to pay agency costs from funds
     directly under their control.

     In addition, certain corporations and instrumentalities are assessed under the Federal
     Employees' Compensation Act for a fair share of the costs of administering disability claims
     filed by their employees. The fair share costs are included in the net intra-governmental
     accounts receivable.

4.   Benefit Expense

     Benefits paid and accrued consist of benefit payments for compensation for lost wages,
     schedule awards, death benefits and medical benefits paid and accrued under FECA for the
     period October 1, 2002 through September 30, 2003, plus the net change in the actuarial
     liability for the year. The amount paid and accrued for compensation for lost wages, schedule
     awards, death benefits and medical benefits totaled $2.336 billion. The net change in the
     actuarial liability for the year was an increase of $2.247 billion.
     Benefit expense for the fiscal year was $4.583 billion.

SECTION 2A
Independent Accountants’ Report
On Applying Agreed-upon Procedures

Victoria A. Lipnic, Assistant Secretary
Employment Standards Administration, U.S. Department of Labor,
General Accounting Office, Office of Management and Budget and Other Specified Agencies:

We have performed the procedures described in Section 2C, Agreed-Upon Procedures and Results,
which were agreed to by the U.S. Department of Labor, General Accounting Office, Office of
Management and Budget, the CFO Act agencies and other specified agencies listed in the Schedules
of Actuarial Liability by Agency, Net Intra-Governmental Accounts Receivable by Agency and
Benefit Expense by Agency (Section 2B) of this special report, solely to assist you and such
agencies with respect to the accompanying Schedules of Actuarial Liability by Agency, Net
Intra-Governmental Accounts Receivable by Agency and Benefit Expense by Agency (Section 2B) of the
Federal Employees' Compensation Act Special Benefit Fund as of and for the year ended
September 30, 2003.

The Department of Labor is responsible for the Schedules (Section 2B). The Schedule of Actuarial
Liability by Agency at September 30, 2003, represents the present value of the estimated future
benefits to be paid pursuant to the Federal Employees' Compensation Act.
The Schedule of Net Intra-Governmental Accounts Receivable by Agency is the total of the amounts
billed to Federal agencies through June 30, 2003 which had not yet been paid as of September 30, 2003
plus the accrued receivable for benefit payments not yet billed for the period July 1, 2003 through
September 30, 2003. The Schedule of Benefit Expense by Agency is the benefits paid and accrued
for the fiscal year ended September 30, 2003, plus the net change in the actuarial liability for the
year.

This agreed-upon procedures engagement was conducted in accordance with attestation standards
established by the American Institute of Certified Public Accountants and with Government
Auditing Standards, issued by the Comptroller General of the United States.

An actuary was engaged to perform certain procedures relating to the actuarial liability as described
in Section 2C.

We express no opinion on the Federal Employees' Compensation Act Special Benefit Fund's
internal controls over financial reporting or any part thereof.

The sufficiency of the procedures is solely the responsibility of the parties specified in this report.
Consequently, we make no representation regarding the sufficiency of the procedures described in
Section 2C either for the purpose for which this report has been requested or for any other purpose.
Our agreed-upon procedures and results are presented in Section 2C of this report.

We were not engaged to, and did not perform an audit of the Schedules of Actuarial Liability by
Agency, Net Intra-Governmental Accounts Receivable by Agency and Benefit Expense by Agency,
the objective of which is the expression of an opinion on the Schedules or a part thereof. Accordingly,
we do not express such an opinion.
Had we performed additional procedures, other matters might have come to our attention that would
have been reported to you.

This report should not be used by those who have not agreed to the procedures and taken
responsibility for the sufficiency of the procedures for their purposes. This report is intended solely
for the information and use of the U.S. Department of Labor, General Accounting Office, Office of
Management and Budget and those Federal agencies listed in Section 2B of this report and is not
intended to be and should not be used by anyone other than these specified parties.

October 8, 2003

SECTION 2B
U.S. Department of Labor
Employment Standards Administration
Federal Employees’ Compensation Act Special Benefit Fund
Schedule of Actuarial Liability by Agency
As of September 30, 2003

                                                   Actuarial
                                                   Liability
AGENCY                                      (Dollars in thousands)

Agency for International Development                  $     27,400
Environmental Protection Agency                             44,096
Federal Emergency Management Agency                              0
General Services Administration                            195,552
National Aeronautics and Space Administration               69,446
National Science Foundation                                  1,649
Nuclear Regulatory Commission                                9,073
Office of Personnel Management                              14,397
United States Postal Service                             8,729,029
Small Business Administration                               31,822
Social Security Administration                             305,289
Tennessee Valley Authority                                 664,669
U. S. Department of Agriculture                            939,818
U. S. Department of the Air Force                        1,558,355
U. S. Department of the Army                             2,081,971
U. S. Department of Commerce                               200,056
U. S. Department of Defense – other                        955,952
U. S. Department of Education                               22,265
U. S. Department of Energy                                 102,553
U. S. Department of Health and Human Services              296,315
U. S. Department of Homeland Security                    1,103,401
U. S. Department of Housing and Urban Development           84,240
U. S. Department of the Interior                           711,565
U. S. Department of Justice                                839,748
U. S. Department of Labor                                  280,398
U. S. Department of the Navy                             2,999,824
U. S. Department of State                                   61,628
U. S. Department of Transportation                       1,114,602
U. S. Department of the Treasury                           782,903
U. S. Department of Veterans Affairs (VA)                1,887,701
Other agencies 1                                           938,336
Total - all agencies (Memo Only)                      $ 27,054,053

1 Non-billable and other agencies for which ESA has not individually calculated an actuarial liability.

SECTION 2B
U.S. Department of Labor
Employment Standards Administration
Federal Employees’ Compensation Act Special Benefit Fund
Schedule of Net Intra-Governmental
Accounts Receivable by Agency
As of September 30, 2003

                                                                      Amounts                  Net Intra-
                                                         Amounts     Expended      Credits   Governmental
                                                      Billed Not      Not Yet     Due from       Accounts
                                                    Yet Paid (1)   Billed (2)   Public (3) Receivable (4)
                                                     (Dollars in  (Dollars in  (Dollars in    (Dollars in
AGENCY                                                thousands)   thousands)   thousands)     thousands)

Agency for International Development                     $ 5,576        $ 865       $ (24)        $ 6,417
Environmental Protection Agency                            7,050        1,020         (30)          8,040
General Services Administration                           31,618        4,410        (127)         35,901
National Aeronautics and Space Administration             13,348        2,030         (54)         15,324
National Science Foundation                                  227           38          (1)            264
Nuclear Regulatory Commission                              1,469          183          (6)          1,646
Office of Personnel Management                             2,197          535          (9)          2,723
United States Postal Service                              73,771      242,799      (6,823)        309,747
Small Business Administration                              5,052          676         (20)          5,708
Social Security Administration                            43,786        6,878        (181)         50,483
Tennessee Valley Authority                                72,450       17,424        (488)         89,386
U. S. Department of Agriculture                          141,798       20,073        (582)        161,289
U. S. Department of the Air Force                        268,048       37,795      (1,092)        304,751
U. S. Department of the Army                             323,578       47,611      (1,323)        369,866
U. S. Department of Commerce                              38,757        3,960        (127)         42,590
U. S. Department of Defense - other                      161,869       22,873        (665)        184,077
U. S. Department of Education                              4,001          402         (12)          4,391
U. S. Department of Energy                                13,718        2,006         (55)         15,669
U. S. Department of Health and Human Services             45,061        6,468        (183)         51,346
U. S. Department of Homeland Security                    158,891       28,887        (676)        187,102

1 Amounts billed through June 30, 2003 (including prior years) but not yet paid as of September 30, 2003.
2 Amounts paid and accrued but not yet billed for the period July 1, 2003 through September 30, 2003.
3 Allocation of credits due from the public through September 30, 2003.
4 Total amount due to the fund for each agency as of September 30, 2003.

                                                                      Amounts                  Net Intra-
                                                         Amounts     Expended      Credits   Governmental
                                                      Billed Not      Not Yet     Due from       Accounts
                                                    Yet Paid (1)   Billed (2)   Public (3) Receivable (4)
                                                     (Dollars in  (Dollars in  (Dollars in    (Dollars in
AGENCY                                                thousands)   thousands)   thousands)     thousands)

U. S. Department of Housing and Urban Development         15,264        2,178         (61)         17,381
U. S. Department of the Interior                         109,239       16,197        (456)        124,980
U. S. Department of Justice                              125,028       20,141        (533)        144,636
U. S. Department of Labor                                 49,923        7,710        (231)         57,402
U. S.
Department of the Navy                                                               493,712             70,372        (1,978)          562,106\n\n U. S. Department of State                                                                   15,952               2,163          (68)           18,047\n\n U. S. Department of Transportation                                                         188,576             27,137          (763)          214,950\n\n U. S. Department of the Treasury                                                           119,803             15,711          (485)          135,029\n\n U. S. Department of Veterans Affairs                                                       307,962             45,223        (1,268)          351,917\n\n Other agencies                                                                              90,246             14,358          (396)          104,208\n\n Total - all agencies (Memo Only)                                                    $ 2,927,970             $ 668,123    $ (18,717)       $ 3,577,376\n\n\n\n\n                                                                                     12\n1 Amounts billed through June 30, 2003 (including prior years) but not yet paid as of September 30, 2003.\n2 Amounts paid and accrued but not yet billed for the period July 1, 2003 through September 30, 2003.\n3 Allocation of credits due from the public through September 30, 2003.\n4 Total amount due to the fund for each agency as of September 30, 2003.\n\x0c                                                SECTION 2B\n                                    U.S. 
Department of Labor\n                              Employment Standards Administration\n                     Federal Employees\xe2\x80\x99 Compensation Act Special Benefit Fund\n                                    Schedule of Benefit Expense by Agency\n                                    For the year ended September 30, 2003\n\n                                                               Benefits        Change in          Total\n                                                               Paid and        Actuarial         Benefit\n                                                               Accrued          Liability       Expense\n                                                              (Dollars in      (Dollars in     (Dollars in\nAGENCY                                                        thousands)       thousands)      thousands)\n\nAgency for International Development                             $     2,962     $     (851)      $     2,111\n\nEnvironmental Protection Agency                                        3,501           4,639            8,140\n\nFederal Emergency Management Agency                                    (645)       (28,661)           (29,306)\n\nGeneral Services Administration                                       15,562           4,228           19,790\n\nNational Aeronautics and Space Administration                          6,826           2,166            8,992\n\nNational Science Foundation                                             120              12               132\n\nNuclear Regulatory Commission                                           679              11               690\n\nOffice of Personnel Management                                         1,381           1,112            2,493\n\nUnited States Postal Service                                         835,493     1,075,838         1,911,331\n\nSmall Business Administration                                          2,494            335             2,829\n\nSocial 
Security Administration                                        22,766          24,740           47,506\n\nTennessee Valley Authority                                            59,884          12,571           72,455\n\nU. S. Department of Agriculture                                       70,560          78,198          148,758\n\nU. S. Department of the Air Force                                    132,496          81,471          213,967\n\nU. S. Department of the Army                                         178,960         152,889          331,849\n\nU. S. Department of Commerce                                          14,931           9,369           24,300\n\nU. S. Department of Defense - other                                   64,401          51,027          115,428\n\nU. S. Department of Education                                          1,373            600             1,973\n\nU. S. Department of Energy                                             8,844          10,111           18,955\n\nU. S. Department of Health and Human Services                         22,134          19,616           41,750\n\nU.S. Department of Homeland Security                                 107,700     1,103,401         1,211,101\n\n\n\n                                                     13\n\x0c                                                                            SECTION 2B\n                                                U.S. 
Department of Labor\n                                          Employment Standards Administration\n                                 Federal Employees\xe2\x80\x99 Compensation Act Special Benefit Fund\n                                                    Schedule of Benefit Expense by Agency\n                                                    For the year ended September 30, 2003\n\n                                                                                                                       Change in         Total\n                                                                                                           Benefit     Actuarial        Benefit\n                                                                                                         Payments       Liability      Expense\n                                                                                                         (Dollars in   (Dollars in    (Dollars in\n AGENCY                                                                                                  thousands)    thousands)     thousands)\n U. S. Department of Housing and Urban Development                                                             7,352         3,246           10,598\n\n U. S. Department of the Interior                                                                             55,398        53,064         108,462\n\n U. S. Department of Justice                                                                                  57,443     (364,536)        (307,093)\n\n U. S. Department of Labor                                                                                    21,465         7,421           28,886\n\n U. S. Department of the Navy                                                                                242,003       127,523         369,526\n\n U. S. 
Department of State                                                                                     6,685         5,369           12,054\n\n U. S. Department of Transportation                                                                           91,597       (37,252)          54,345\n\n U. S. Department of the Treasury                                                                             49,836     (294,051)        (244,215)\n\n U. S. Department of Veterans Affairs                                                                        154,801       125,124         279,925\n\n Other agencies (1)                                                                                           97,636        17,956         115,592\n\n Total - all agencies (Memo Only)                                                                        $ 2,336,638   $ 2,246,686      $ 4,583,324\n\n\n\n\n                                                                                       14\n1 Non-billable and other agencies for which ESA did not individually calculate an actuarial liability.\n\x0c                                           SECTION 2C\n                                Agreed-upon Procedures & Results\n\nSummary\n\nOur objective was to perform specified agreed-upon procedures on the Schedules of Actuarial\nLiability by Agency, Net Intra-Governmental Accounts Receivable by Agency, and Benefit Expense\nby Agency as of and for the year ended September 30, 2003. These procedures were performed in\naccordance with attestation standards established by the American Institute of Certified Public\nAccountants and Government Auditing Standards, issued by the Comptroller General of the United\nStates.\n\nWe applied the following agreed-upon procedures as summarized below:\n\nActuarial Liability - Consistent with prior years, the actuarial liability was evaluated by an\nindependent actuary. 
Agreed-upon procedures were performed on the methodology, assumptions and
information used in the model. The 2003 benefit payments predicted by the model for 2002 were
compared to actual payments made in 2003, and analytical procedures were performed relating the
change in the liability amount by agency to the change in the aggregate liability.

Net Intra-Governmental Accounts Receivable - Confirmation letters regarding the accounts receivable
due as of September 30, 2003, were mailed and confirmed with the CFO Act and other selected
Federal agencies. Agreed-upon procedures were performed on FY 2003 accounts receivable and
compared with FY 2002 accounts receivable regarding new receivables, collections, write-offs, and
chargebacks; explanations were requested for changes over 5 percent, if any.

Benefit Expense - Agreed-upon procedures were applied to the benefit payments made during the
current fiscal year by District office, by strata, and by agency as compared to benefit payments of the
prior fiscal year and to DOL’s year-end cut-off process. We calculated the change in the actuarial
liability from the prior year to the current year.


ACTUARIAL LIABILITY

Overview

An independent actuary evaluated the actuarial model and the resulting actuarial liability. The
independent actuary issued a report stating the aggregate actuarial liability was reasonably stated in
accordance with Actuarial Standards. We performed agreed-upon procedures on the calculation of the
actuarial liability by employing agency.
Our procedures included considerations of how the change in
each agency's liability relates to the change in the total estimate, its own history, its group, and to the
benefit payments made during the current year.

Procedures and Results

Agreed-Upon Procedures Performed:
Engaged a certified actuary to review the calculations of the actuarial liability as to:

  • Whether or not the assumptions used by the model were appropriate for the purpose and
    method to which they were applied.
    Results of Procedures: The actuary's review of the model indicated that the assumptions
    were appropriate for the purpose and method applied. The actuary tested the calculations
    included in the model and reported that they were performed consistent with the model's
    stated assumptions.

  • Whether or not such assumptions were applied correctly and if other calculations within the
    model were performed in a manner as to generate appropriate results.
    Results of Procedures: The actuary's review of the model indicated that the assumptions
    were applied correctly and that calculations were performed in such a way as to generate
    results which are appropriate overall. Additional detailed checks of calculations and data
    flow revealed no error in methodology had been used.

  • Whether or not tests of calculations provided a reasonable basis regarding the integrity of
    the model as a whole.
    Results of Procedures: The methodology and assumptions applied to the calculations tested
    provide a reasonable basis in regard to the integrity of the model as a whole.

  • Whether or not the overall results were reasonable.
    Results of Procedures: The actuary indicated that the model calculation of the liability
    and the overall results were reasonable under the method and assumptions used.

Agreed-Upon Procedures Performed:
Confirmed with the American Academy of Actuaries and the Casualty Actuarial Society as to
whether the actuary was accredited and in good standing with the associations. Obtained a
statement of independence from the actuarial firm and two references from clients of the actuarial
firm as to the actuary's work.
Results of Procedures:
The actuarial specialist was accredited and in good standing with the American Academy of
Actuaries and the Casualty Actuarial Society. The actuarial consulting firm certified that they were
independent from DOL and the FECA Special Benefit Fund. The actuarial consulting firm provided
references stating experience in the type of work required for this engagement. The references
were contacted, and they confirmed the actuary possessed the expertise and experience required
for this engagement.

Agreed-Upon Procedures Performed:
Compared and evaluated the economic assumptions used by the model for 2002 to the
assumptions used during the current year.
Results of Procedures:
The model utilizes estimates of prospective inflation and interest rates to project and then
discount future benefit payments. As published by OMB, prospective interest rates of 10-year
Treasury bills decreased from 5.2% for the prior year to an average of 4.29% for the current year.
The Bureau of Labor Statistics (BLS) estimates of COLA decreased from a 10-year average of
2.37% for the prior year to a 10-year average of 2.11% for the current year, and CPI-Med factors
decreased from a 10-year average of 4.04% for the prior year to a 10-year average of 3.75% for the
current year. In combination, these rate changes resulted in a decrease in the net effective rate
(interest rate less inflation rate) of approximately 27% (from 2.50% to 1.83%). The result of the
changes in estimated prospective rates was to increase the estimated actuarial liability by
approximately 7% from what the liability would have been had 2002 rates been used for the year
2003 calculation.

Agreed-Upon Procedures Performed:
Compared the interest rate (used for discounting the future liability to the present value) and
inflation rates used by the model to the source documents from which they were derived.
Results of Procedures:
The interest rates used in the model were the same interest rates stated in OMB's publication.
The inflation rates used in the model were derived from the BLS indices cited. No exceptions
were noted.

Agreed-Upon Procedures Performed:
Compared the actuarial liability by agency of the unaudited estimated actuarial liability for future
workers’ compensation benefits, as reported in a Memorandum to the CFOs of Executive
Departments issued by DOL’s Chief Financial Officer, to the liability calculated by the model
and reported on the Projected Liability Reports.
Results of Procedures:
The liability reported in the Memorandum issued to the CFOs of Executive Departments of the
unaudited estimated actuarial liability for future workers' compensation benefits agreed with the
liability calculated by the model and reported on the Projected Liability Reports.

Agreed-Upon Procedures Performed:
Compared by agency and in aggregate, the 1998-2003 benefit payments used by the model with the
amount of benefit payments reflected in the Summary Chargeback Billing Report. Determined
whether the benefit payment data used by the model are the same data on which agreed-upon
procedures for benefit payments were performed.
Results of Procedures:
The amounts by agency and in the aggregate agreed without exception. The benefit payment data
used by the model were the same data used to perform agreed-upon procedures for benefit
payments.

Agreed-Upon Procedures Performed:
Determined the basis of the agency groupings and performed tests to compare the consistency of
the grouping with the prior year. Determined the impact of such inclusion in a grouping.
Results of Procedures:
The agency groupings were consistent with the prior year. The grouping was determined premised
on a claim duration probability study performed by a DOL economist. Both the designers of the
model and the independent actuary agreed that the study provided a basis for such groupings. The
groupings were traced to the study. The study included data through 1991, and therefore, agencies
without claims under FECA prior to 1991 had not been studied. These agencies were placed in
Group III, whose average probability approximated the average of the aggregate population. These
agencies are USAID, NSF, NRC, OPM, SBA and SSA. In 2003 Homeland Security was added to
Group II premised on the understanding that more than half the total chargeback was transferred
from Group II agencies (DOT and Treasury).

Agency groupings are used to group agencies with similar historical benefit payment patterns. The
liability estimate is calculated by grouping to minimize potential distortion in the calculation due
to variable historical payment patterns among the agencies.

Agreed-Upon Procedures Performed:
Calculated the change in the actuarial liability by agency and in the aggregate. Determined, based
on a predictive test, if variances were consistent with the Liability to Benefits Paid (LBP) ratio
applied to each agency’s prior year liability adjusted for their change in benefit payments and
economic assumptions. Identified the reason for or requested explanations for agencies whose
change in liability was not consistent with predictive test results.
Results of Procedures:
The aggregate liability increased approximately 9.2%. The following agencies' liabilities changed
by more than 10%.

  • EPA                     +11.76%
  • Treasury                -27.30%
  • Homeland Security      +100.00%
  • Smithsonian             +12.67%
  • DOJ                     -30.27%
  • Energy                  +10.94%
  • Postal Service          +14.06%
  • FEMA                   -100.00%

DOJ and Treasury both transferred substantial subagencies to Homeland Security. FEMA was
transferred entirely to Homeland Security. For EPA, Smithsonian, Energy, and Postal Service, the
model calculation was consistently within 10% of the predictive test results indicating changes in
these liabilities are reasonable. No further explanations were deemed necessary.

Agreed-Upon Procedures Performed:
Reviewed the Department of Homeland Security (DHS) liability estimate and performed tests to
determine its reasonableness. Determined the impact of the liability transfer on contributing
agencies.
Results of Procedures:
There were four agencies with prior activity whose related historical benefit payments were
imputed to Homeland Security as the basis on which the new liability was calculated. DOT
transferred Coast Guard, Coast Guard Auxiliary, and the Transportation Security Administration.
DOJ transferred the Immigration and Naturalization Service. Treasury transferred Secret Service,
Customs, and Federal Law Enforcement Training Center (FLETC). FEMA was transferred in its
entirety.

For the purpose of calculating the new DHS liability, and under the supervision of an actuary,
DOL added the historical benefit payments of the subagencies identified to DHS and calculated a
new liability.
Conversely, the historical benefit payments included now under DHS were excluded from the
calculation of the legacy agencies.

We calculated the percentage of the transferred subagency payments for 1998-2002 to overall
agency benefit payments for those years and compared it to the constant dollar change in the
calculation of the legacy estimated liability as follows:

  • DOT (Payments: 7.4%, Decline: 5.0%)
  • DOJ (Payments: 35.3%, Decline: 31.8%)
  • Treasury (Payments: 31.0%, Decline: 28.8%)

For DOJ, DOT, Treasury and DHS, the actual chargeback transferred per the model was traced to
the Summary Chargeback Billing Report for 1998-2003 without exception.

The actuary's review of the model indicated that the liability estimate related to DHS was
reasonable.

Agreed-Upon Procedures Performed:
Calculated the ratio of the agency liability to the benefit payments (LBP) by agency and compared
this to the agency group ratio. Identified and requested explanations for those agencies for which
the ratio varied by more than 10 percent from their group ratio and lay outside the range of group
averages based on predictive test results.
Results of Procedures:
The Liabilities to Benefits Paid ratio (LBP) was 11.5. By group, the range of the ratio was from
10.3 (Group V-Postal Service) to 13.1 (Group III).

The following agencies varied by more than 10% from their group's ratio and fell outside the range
of group ratios: Education (15.3 - Group II), USAID (9.2 - Group III), All Other Defense
(14.6 - Group III), State (8.7 - Group IV).

For these four agencies the model calculated within 10% of a predictive test based upon each
agency's prior year liability adjusted for their change in benefit payments and economic
assumptions for all but USAID. The model calculation for USAID was lower than the prediction
by approximately 21.8%.

We noted that USAID's medical payments increased by 67% in actual dollars during 2003. The
model is designed to gradually reflect such fluctuations as part of an overall history of benefit
payments. The LBP ratio as calculated does not consider the overall history.

Agreed-Upon Procedures Performed:
Compared the benefit payments predicted by the model for year 2003 to the actual benefit
payments. Identified the agencies where the model computed benefit payments that varied by
more than 20 percent and $2 million from actual benefit payments made during 2003.
Results of Procedures:
Payments increased in constant dollars approximately 2.14% during the current fiscal year, which
was comprised of a 2.15% increase in compensation and 2.13% increase in medical benefit
payments.

Actual payments were approximately 11.3% lower than predicted. The following agencies' actual
payments varied from the prediction by more than 20% and $2 million: DOJ (-52.22%), State
(+47.2%), Treasury (-40.9%).

In constant dollars, State’s benefit payments increased over the prior year by 13.4%. Treasury and
DOJ are legacy agencies for Homeland Security who transferred subagencies whose histories are
expected to reflect higher physical risk than the balance of the subagencies in Treasury and DOJ.
Such history would have skewed the projection upward for each agency.

Agreed-Upon Procedures Performed:
Compared an estimate of the liability by agency calculated from the agency’s prior year balance, the change in their benefit payments, and the overall effect of change in economic factors to the liability computed by the actuarial model.

Results of Procedures:
The calculated amounts were within 10% of amounts derived by DOL's model for all agencies except USAID (-21.8%), SBA (-11.5%), and Homeland Security (+13.6%).

We noted that the increase in benefit payments for the components of Homeland Security was chiefly comprised of new claims by subagency, Transportation Security Administration. New claims are heavily weighted in the model. As previously cited, Treasury, as a legacy agency for Homeland Security, transferred subagencies (Secret Service, Customs, and FLETC) whose history is expected to reflect higher physical risk than the balance of the subagencies in Treasury. Transferring out this history of benefit payments may have resulted in a lower than predicted calculation for the legacy agencies.

SBA's LBP is 12.8% higher than the average (11.5%).
This would counter the indication that their liability may be understated.

DOL's actuary reviewed the USAID calculation and indicated the model liability calculation was appropriate.

Agreed-Upon Procedures Performed:
Performed a limited survey of interest and inflation rates utilized by the Postal Service, OPM, and two other sources with governmental actuarial liabilities experience. Determined how the surveyed, net effective rates compared to the interest rates used in the model and explained the effect of rate difference.

Results of Procedures:
Surveyed rates from non-FECA sources for compensation ranged from 2.38% to 3.00% and for medical ranged from -3.57% to 1.40%. The rates used by the FECA model compute to net effective rates of approximately 2.19% for compensation and .55% for medical. The use of lower rates by FECA results in the calculation of a higher liability which is more conservative.

Agreed-Upon Procedures Performed:
Compared the actuarial liability for the Postal Service calculated by the model to the actuarial liability calculated by the Postal Service’s independent model.

Results of Procedures:
The actuarial liability calculated by DOL for the Postal Service was 19.5% higher than the calculation prepared by the Postal Service. The net effective discount rates used by the Postal Service were different than those used by DOL.

NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE

Overview

Agreed-upon procedures were applied to the net intra-governmental accounts receivable as of September 30, 2003, as compared with net intra-governmental accounts receivable as of September 30, 2002, with regard to new receivables, collections, write-offs, and chargebacks.

We compared the fiscal year 2003 net intra-governmental accounts receivable to the fiscal year 2002 net intra-governmental accounts receivable and investigated changes of over 5 percent. We compared new receivables, collections and write-offs for fiscal year 2003 to fiscal year 2002; calculated the accounts receivable outstanding for each fiscal year; calculated the chargeback and fair share total for 2003; and confirmed the chargeback amounts billed for claimants' payments directly with the Federal agencies charged.

Procedures and Results

Agreed-Upon Procedures Performed:
Compared prior year ending net intra-governmental accounts receivable balances to the current year net intra-governmental accounts receivable balance by Federal agency. Determined whether the increase or decrease was in proportion to the change in amounts billed and paid.

Results of Procedures:
The change in the net intra-governmental accounts receivable balances was in proportion to the increases in benefit payments billed to and paid by each Federal agency.

Agreed-Upon Procedures Performed:
Confirmed accounts receivable balances due as of September 30, 2003, for all CFO Act agencies (except DOL) and other selected Federal agencies.

Results of Procedures:
Confirmations were reviewed for agreement to amounts recorded. Explanations for the differences on the confirmations received were obtained from the agencies and/or DOL. A confirmation was not received from Howard University Hospital. DOL’s CFO office has an interagency workgroup which works to resolve any differences with the agencies.

Agreed-Upon Procedures Performed:
Compared the chargeback billing report, for the period July 1, 2002 through June 30, 2003, to the amounts billed to the Federal agencies.

Results of Procedures:
The amounts billed to the Federal agencies for the period July 1, 2002 through June 30, 2003, agreed to the chargeback billing report.

Agreed-Upon Procedures Performed:
Recalculated the allocation of credits due from the public.

Results of Procedures:
No exceptions were noted.

Agreed-Upon Procedures Performed:
Determined, for a non-statistical sample of at least 25 items, whether claimant accounts receivable overpayments were properly established and classified.

Results of Procedures:
No exceptions were noted.

BENEFIT EXPENSE

Overview

Agreed-upon procedures were applied to compensation and medical benefit payments in total, by strata, by average payment and by agency for the fiscal year ended September 30, 2003, to the fiscal year ended September 30, 2002, and for the sampling period of October 1, 2002 to April 30, 2003, to the sampling period of October 1, 2001 to April 30, 2002. Changes in the actuarial liability from the prior year to the current year were calculated.
Agreed-upon procedures were applied to DOL's year-end cut-off process.

Procedures and Results

Agreed-Upon Procedures Performed:
Compared the benefit payments recorded in the Automated Compensation Payment System (ACPS) and Bill Payment System (BPS) databases to the Department of Labor's general ledger and the Department of Treasury’s SF-224s as of April 30, 2003, and September 30, 2003.

Results of Procedures:
The benefit payments recorded in the Automated Compensation Payment System (ACPS) and the Bill Payment System (BPS) databases varied from the SF-224s by 0.26% and varied from the general ledger by 0.27% as of April 30, 2003.

As of September 30, 2003, the ACPS and BPS databases varied from the SF-224s by 1.76% ($41.05 million) and varied from the general ledger by 1.59% ($36.80 million).

Agreed-Upon Procedures Performed:
Agreed-upon procedures were applied to DOL cut-off procedures.

Results of Procedures:
The year-end adjustment made to the general ledger to prorate the expenditures which overlapped fiscal years agreed to the supporting documentation. The adjustments were recorded in the correct period.

Agreed-Upon Procedures Performed:
Compared the average ACPS and BPS payments by strata for the April 30, 2003, and September 30, 2003, databases to the average ACPS and BPS payments by strata for the April 30, 2002 and September 30, 2002 databases. Determined if there were any variances over 7 percent.

Results of Procedures:
The average ACPS benefit payments by strata varied from -9.51% to 0.98% with an average increase of 2.33% from April 30, 2003 to April 30, 2002. The stratum that had a variance greater than 7% was the stratum of payments greater than $150,000, which decreased by 9.51%.

DOL stated that average ACPS benefit payments per case in the stratum over $150,000 are attributable to a small number of cases, less than 50. The decrease from 2002 to 2003 in the average payments per case in this stratum is largely attributable to the specific circumstances of each case rather than trends.

The average ACPS benefit payments by strata varied from -6.26% to 2.40% with an average increase of 6.16% from September 30, 2003 to September 30, 2002. No strata had variances greater than 7%.

The average BPS benefit payments by strata varied from -17.33% to 14.02% with an average decrease of 0.81% from April 30, 2003 to April 30, 2002.
The strata that had a variance greater than 7% included the stratum of $750 to $1,250, which increased 8.74%, and the stratum of payments greater than $75,000, which decreased 17.33%.

DOL stated that average BPS benefit payments in the stratum $750 to $1,250 are subject to medical cost inflation. OWCP compares FECA medical average costs to nationwide health care cost trends as measured by the Milliman Health Cost Index. This index measures the change in non-Medicare health care costs per capita for the overall national population. The annual trend of this index for the audit period exceeded 9%.

DOL stated that average BPS benefit payments in the stratum of payments greater than $75,000 are attributable to a small number of payments primarily for hospital stays and long-term care or other accommodations for disabilities.
The decrease from 2002 to 2003 in the average payments in this stratum is largely attributable to the reductions in such care provided in 2002 arising from the September 11, 2001 terrorist attacks. Because of the small number of bills in this stratum, only a few could cause a significant fluctuation.

The average BPS benefit payments by strata varied from -14.5% to 19.1% with an average increase of 2.58% from September 30, 2003 to September 30, 2002. The stratum that had a variance greater than 7% was the stratum of payments greater than $75,000, which decreased by 14.5%.

DOL stated that average BPS benefit payments in the stratum of payments greater than $75,000 are attributable to a small number of payments primarily for hospital stays and long-term care or other accommodations for disabilities.
The decrease from 2002 to 2003 in the average payments in this stratum is largely attributable to the reductions in such care provided in 2002 arising from the September 11, 2001 terrorist attacks. Because of the small number of bills in this stratum, only a few could cause a significant fluctuation.

Agreed-Upon Procedures Performed:
Performed a trend analysis on the total benefit payments for the last 5 fiscal years. We requested explanations from DOL for variances over 5 percent, if any.

Results of Procedures:
The 2003 benefits increased by 5.7% over 2002.

DOL stated that the 2003 total benefit increase over 2002 is attributable to the base pay raise excluding locality pay of 3.1%, the 2.4% COLA increase, and medical inflation.

In addition, the 2001 benefits increased by 5.92% over 2000. DOL stated that medical benefits increased substantially in 2001 over prior years resulting in higher overall benefit payments. No other variances over 5% were noted for any of the other 5 years.

Agreed-Upon Procedures Performed:
Compared the summary chargeback-billing list to the total benefit payments as of September 30, 2003.

Results of Procedures:
The agency chargeback billing list varied from the benefit payment databases for the fiscal year ending September 30, 2003 by 1.02%.

Agreed-Upon Procedures Performed:
Compared by agency, and in total, benefit payments for the fiscal year ending September 30, 2003, with total benefit payments made for the fiscal year ending September 30, 2002. We requested explanations from DOL for any variances over 7 percent.

Results of Procedures:
Benefit payments for the fiscal year ending September 30, 2003 increased 1.5% overall from September 30, 2002. Benefit payments increased or decreased by more than 7% for the following agencies:

EOP             9.98%       USAID         13.57%
Smithsonian    15.63%       DOJ          -41.95%
NRC            -7.65%       Treasury     -44.06%
CNS           -21.16%       DOT          -10.85%
SBA            11.52%       Education    -12.65%
OPM            33.59%       FEMA        -123.01%

DOL stated that the reductions in benefits for the Department of Treasury, DOJ, DOT and FEMA are largely due to the transfer of components to the DHS.

DOL also stated that the EOP, Smithsonian, CNS, SBA, OPM, NRC, USAID, and Education are very small agencies. Resolution of a small number of cases or very small changes in injury rates or payments for catastrophic injuries can cause significant fluctuations in payments. Increases in the remaining agencies are primarily due to inflation. The annualized trend for medical cost increases for the period exceeded 9%, the base pay raise excluding locality pay was 3.1%, and the COLA was 2.4%.

Agreed-Upon Procedures Performed:
Compared the benefit payments made by each District office as of April 30, 2003, and September 30, 2003, to the prior year data. Determined if there were any variances larger than 5 percent. We requested explanations from DOL for any variances over 5 percent.

Results of Procedures:
As of April 30, 2003, benefit payments increased or decreased from April 30, 2002, by more than 5% for the following districts:

New York        9.04%       Dallas             6.99%
Cleveland       6.08%       Washington         7.43%
Kansas City     8.90%       National Office   -6.65%
Denver          5.19%

As of September 30, 2003, benefit payments increased or decreased from September 30, 2002, by more than 5% for the following districts:

New York       11.63%       Denver             5.55%
Philadelphia    5.06%       Seattle            5.93%
Jacksonville    5.32%       Dallas             7.57%
Cleveland       7.55%       Washington        10.12%
Kansas City     8.17%

DOL stated that the primary reason for increases in benefit payments by District offices is inflation. The annualized trend for medical cost increases for the period exceeded 9%, the base pay raise excluding locality pay was 3.1% and COLA was 2.4%.
New York and Washington benefit payments were also increased by anthrax claims. In addition, fluctuations are caused by the transfer of cases between District offices.

Agreed-Upon Procedures Performed:
Calculated a 12-month projected benefit payment based on the April 30, 2003 database (7 months). Compared the projected 12-month total benefit payments to the actual 12-month total benefit payments as of September 30, 2003.

Results of Procedures:
The actual 12-month total benefit payments varied from the projected 12-month total benefit payments for the fiscal year ending September 30, 2003, by -2.05%.

Agreed-Upon Procedures Performed:
Inquired of DOL about any comparisons prepared between the fee schedule used to pay medical providers with the fee schedule used by other agencies.

Results of Procedures:
DOL prepared a study of the amounts paid for 12 different common procedure codes by 19 state agencies for calendar year 2002. The amounts which would be paid under DOL's fee schedule were in between the minimum and maximum of the 19 state agencies.
DOL did not prepare a new study in 2003.

Agreed-Upon Procedures Performed:
Calculated the change in the actuarial liability reported on the current year and prior year’s compilation report prepared by DOL.

Results of Procedures:
The change in the actuarial liability was calculated correctly by DOL.

SECTION 3A
INDEPENDENT SERVICE AUDITORS' REPORT

8403 Colesville Road, Suite 340
Silver Spring, Maryland 20910-3367
(301) 585-7990  FAX (301) 585-7975  www.mdocpa.com

Victoria A. Lipnic, Assistant Secretary
Employment Standards Administration, U.S. Department of Labor:

We have examined the accompanying description of the controls of the Division of Federal Employees' Compensation (DFEC) applicable to general computer controls and the processing of transactions for users of the Federal Employees' Compensation Act Special Benefit Fund.
Our examination included procedures to obtain reasonable assurance about whether (1) the accompanying description presents fairly, in all material respects, the aspects of DFEC controls that may be relevant to a user organization’s internal control as it relates to an audit of financial statements; (2) the controls included in the description were suitably designed to achieve the control objectives specified in the description, if those controls were complied with satisfactorily and users of the FECA Special Benefit Fund applied the controls contemplated in the design of DFEC's controls, as described in Section 3B; and (3) such controls had been placed in operation as of April 30, 2003.

DFEC uses SunGard eSourcing, Inc. (SunGard), to process information and to perform various functions related to the data processing services of the FECA Special Benefit Fund. The accompanying description includes only those controls and related control objectives at DFEC, and does not include controls and related control objectives at SunGard, a subservicer. Our examination did not extend to the controls of SunGard, the subservicer. The control objectives (Section 3C) were specified by the management of DFEC. Our examination was performed in accordance with standards established by the American Institute of Certified Public Accountants, Government Auditing Standards, issued by the Comptroller General of the United States, and included those procedures we considered necessary in the circumstances to obtain a reasonable basis for rendering our opinion.

In our opinion, the accompanying description of the aforementioned controls presents fairly, in all material respects, the relevant aspects of DFEC's controls that had been placed in operation as of April 30, 2003.
Also, in our opinion, the controls, as described, are suitably designed to provide reasonable assurance that the specified control objectives would be achieved if the described controls were complied with satisfactorily and users of the FECA Special Benefit Fund applied the internal controls contemplated in the design of the DFEC's controls.

In addition to the procedures we considered necessary to render our opinion as expressed in the previous paragraph, we applied tests to specified controls to obtain evidence about their effectiveness in meeting the related control objectives during the period from October 1, 2002 through April 30, 2003. The specific controls and the nature, timing, extent, and results of the tests are summarized in Section 3C. This information has been provided to the users of the FECA Special Benefit Fund and to their auditors to be taken into consideration, along with information about the internal control at user organizations, when making assessments of control risk for user organizations.

DFEC states in its description of controls that it has controls in place that require the review of medical evidence annually or every two or three years depending on the type of compensation paid. Our tests of operating effectiveness noted that a significant number of case files contained no current medical evidence as required by DFEC’s policy (Page 66).
This resulted in the nonachievement of the control objective “Controls provide reasonable assurance that claimants submitted medical evidence to support continuing eligibility for compensation and medical benefits.”

In our opinion, except for the matter described in the preceding paragraph, the controls that were tested, as described in Section 3C, were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the specified control objectives were achieved during the period from October 1, 2002 through April 30, 2003. However, the scope of our engagement did not include tests to determine whether control objectives not listed in Section 3C were achieved; accordingly, we express no opinion on the achievement of control objectives not included in Section 3C.

The relative effectiveness and significance of specific controls at DFEC and their effect on assessments of control risk at user organizations are dependent on their interaction with the controls and other factors present at individual user organizations. We have performed no procedures to evaluate the effectiveness of controls at individual user organizations.

The description of controls at DFEC is as of April 30, 2003, and information about tests of operating effectiveness of specified controls covers the period October 1, 2002 through April 30, 2003. Any projection of such information to the future is subject to the risk that, because of change, the description may no longer portray the controls in existence. The potential effectiveness of specified controls at DFEC is subject to inherent limitations and, accordingly, errors or fraud may occur and not be detected.
Furthermore, the projection of any conclusions, based on our findings, to future periods is subject to the risk that (1) changes made to the system or controls, (2) changes in processing requirements, or (3) changes required because of the passage of time may alter the validity of such conclusions.

This report is intended solely for the information and use of the U.S. Department of Labor, users of the FECA Special Benefit Fund (Federal agencies listed in Section 2B of this report), and the independent auditors of its users.

October 8, 2003

SECTION 3B
Division of Federal Employees’ Compensation’s
Description of Controls

OVERVIEW OF SERVICES PROVIDED

Overview

The Federal Employees' Compensation Act Special Benefit Fund was established by FECA to provide income and medical cost protection worldwide for job-related injuries, diseases, or deaths of civilian employees of the Federal Government and certain other designated groups. The DOL-ESA is charged with the responsibility of operation and accounting control of the Special Benefit Fund under the provisions of FECA. Within ESA, the Office of Workers' Compensation Programs, Division of Federal Employees’ Compensation (DFEC), administers the FECA program.

In 1908, Congress passed legislation providing workers' compensation to Federal workers whose jobs were considered hazardous. Due to the limited scope of this legislation, FECA was passed in 1916, extending workers' compensation benefits to most civilian Federal workers.
FECA provided benefits for personal injuries or death occurring in the performance of duty.

FECA provides wage replacement (compensation) benefits and payment for medical services to covered Federal civilian employees injured on the job, employees who have incurred a work-related occupational disease, and the beneficiaries of employees whose death is attributable to a job-related injury or occupational disease. Not all benefits are paid by the program since the first 45 days from the date of the injury are usually covered by the injured workers being paid by their respective agencies in a continuation of pay (COP) status. FECA also provides rehabilitation for injured employees to facilitate their return to work.

Operational Offices

DFEC administers FECA through 12 District offices and a National headquarters located in Washington, D.C. The District offices and the areas covered by each District office are:

District   Location of District Office   States or Regions Covered by District Office
1          Boston                        Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, Vermont
2          New York                      New Jersey, New York, Puerto Rico, Virgin Islands
3          Philadelphia                  Delaware, Pennsylvania, West Virginia
6          Jacksonville                  Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, Tennessee
9          Cleveland                     Indiana, Michigan, Ohio
10         Chicago                       Illinois, Minnesota, Wisconsin
11         Kansas City                   Iowa, Kansas, Missouri, Nebraska, all DOL employees
12         Denver                        Colorado, Montana, North Dakota, South Dakota, Utah, Wyoming
13         San Francisco                 Arizona, California, Guam, Hawaii, Nevada
14         Seattle                       Alaska, Idaho, Oregon, Washington
16         Dallas                        Arkansas, Louisiana, New Mexico, Oklahoma, Texas
25         Washington, D.C.              District of Columbia, Maryland, Virginia, and overseas/special claims
50         National Office               Branch of Hearings and Review

Subservicer

DFEC utilizes a subservicer, SunGard, to provide computer hardware and a communications network between the National office, the District offices and the U.S. Treasury, to maintain a tape library and disk drive backup and for other computer mainframe functions. SunGard’s controls and related control objectives were omitted from the description of control objectives, tests of controls and operating effectiveness contained in this report.
Control objectives, tests of controls and operating
effectiveness included in this report include only the objectives that DFEC’s controls are intended to
achieve.

OVERVIEW OF THE CONTROL ENVIRONMENT

An organization’s control environment reflects the overall attitude, awareness and actions of
management and others concerning the importance of controls and the emphasis given to control in
the organization’s policies and procedures, methods, and organizational structure. The following is a
description of the key controls that are generally considered to be part of the control environment.

Organization and Management

OWCP is one of four offices within ESA.
DFEC is one of five divisions within OWCP.

[Organization chart: ESA, Office of Workers’ Compensation Programs. Boxes shown: Office of
Workers’ Compensation Programs; Regional Directors for OWCP; Division of Planning, Policy and
Standards; Division of Federal Employees’ Compensation; Division of Longshore and Harbor
Workers’ Compensation; Division of Coal Mine Workers’ Compensation; Division of Energy
Employees’ Compensation; Branch of Policy, Planning and Review; Branch of Medical Standards
and Rehabilitation; Branch of Resource Allocation and Management Support; OWCP Mail Room.]

DFEC has four branches:

1.     Branch of Regulations and Procedures - This Branch assists in developing claims and
       benefit payment policies, regulations and procedures; prepares and maintains the program's
       manuals; plans and conducts studies of claims and benefit payment functions; and
       participates in training activities and accountability reviews of District offices.

2.     Branch of Automatic Data Processing (ADP) Coordination and Control - This Branch
       provides ADP support services for the FECA program. It coordinates the overall ADP work
       of DFEC and provides policy direction for ADP systems activities.

3.     Branch of Technical Assistance - This Branch develops materials for use by District offices
       and other Federal agencies to educate Federal employees in reporting injuries and claiming
       compensation under the FECA. It also holds workshops for compensation personnel in
       various Federal agencies and for groups of employee representatives.

4.     Branch of Hearings and Review - This Branch is responsible for conducting hearings and
       reviews of the written record in FECA cases.
       Hearing Representatives issue decisions
       which sustain, reverse, modify, or remand cases to the OWCP District offices.

[Organization chart: Division of Federal Employees’ Compensation (DFEC). Boxes shown: Office of
the Director, Deputy Director; Branch of Regulations and Procedures; Branch of ADP Coordination
and Control; Branch of Technical Assistance; Branch of Hearings and Review.]

Branch Operations

A Branch Chief reports directly to the Deputy Director. The Director and Deputy Director coordinate
the operations of the 12 District offices.

District Offices

A District Director (DD) oversees the daily operations at each of the 12 District offices. The DD is
primarily assisted by an Assistant Director (in the larger District offices) who oversees the Claims
Section and a Fiscal Officer who oversees the Fiscal Section.

The District offices serve the persons residing within their districts. When an individual moves from
one district to another, the individual's case file and responsibility for monitoring the case are
transferred to the District office where the individual has moved, unless the case is for a claimant
specified as a special employee. Cases specified as special employee cases are always processed at
District office 50 (the National office).

The specific functions within the District offices are:

1.     Claims Functions.
       In each District office are two or more Supervisory Claims Examiners, who
       are responsible for the operation of individual claims units, and a number of Senior Claims
       Examiners and Claims Examiners (CE), who have primary responsibility for handling claims,
       including authorization of compensation and eligibility for medical benefits. Individuals at
       each level of authority from DD to CE have been delegated specific responsibilities for issuing
       decisions on claims.

2.     Fiscal Functions. Each District office usually has a Fiscal Operations Specialist and at least
       one Benefit Payment Clerk. Some District offices have a Bill Pay Supervisor as well. The
       unit is generally responsible for resolution of problems with medical bills, complex
       calculations of benefits and overpayments, adjustments to compensation and bill pay histories,
       changes in health benefits and life insurance coverage, and financial management records. In
       some District offices, fiscal personnel enter compensation payments into the electronic system.

3.     Medical Functions. Each District office usually has at least one District Medical Adviser
       (DMA) who works under contract to review individual cases, and some District offices have a
       District Medical Director (DMD) as well. Each District office also has a Medical Management
       Assistant, who arranges referrals to second opinion and referee specialists. Each District office
       also has a Staff Nurse, who is responsible for coordinating a number of Field Nurses who
       monitor claimants' medical progress and assist their efforts to return to work.

4.     Mail and File Functions. Personnel in this area open, sort, and place mail; set up case files;
       retire case records according to established schedules; and transfer case files in and out of
       the District office. OWCP also uses a centralized mailroom located in London, Kentucky,
       for routine mail. Mail such as Forms CA-1, CA-2, CA-7, CA-16, congressional inquiries
       and certain types of medical provider bills are processed by the District offices and not in
       the centralized mailroom.

5.     Vocational Rehabilitation Functions. Each District office has at least one Rehabilitation
       Specialist (RS) and usually a Rehabilitation Clerk. The RS manages a number of
       Rehabilitation Counselors, who work under contract with OWCP to help return claimants to
       suitable work, preferably with little or no loss of earnings.
       The emphasis of the
       rehabilitation program is on early referral and evaluation of all injured workers who need
       services; case management standards to ensure that plans are efficient and of good quality;
       flexibility to provide the widest range of services from private and public rehabilitation
       agencies; preference for reemployment with the previous employer; and placement of
       workers in jobs where disability does not prevent them from competing with non-disabled
       employees.

[Organization chart: DFEC District Office Structure [1]. Boxes shown: Office of the District
Director; Assistant District Director; Branch of Operations Support; Claims Section; Mail and File;
Fiscal Section; Medical Section; Bill Pay Section.]

[1] The organizational structure regarding the Vocational Rehabilitation functions varies among the
District offices.

OVERVIEW OF TRANSACTION PROCESSING

Identification and Registration of the Recipient of FECA Benefits

Authorized recipients of FECA benefits are those individuals who meet all five eligibility criteria.
Injured workers submit claim information to the District office that serves the geographical location in
which the claimant resides. Claims are processed by the District office using the Case Management
File (CMF) system.

The CMF uses a standard identification number of nine characters to identify each case file. This
number is called the case number. All recipients of FECA benefits must have a unique case number
recorded in the CMF; some individuals could have multiple case numbers if the individual has
sustained more than one injury.

The CMF maintains an automated file with identification on all individuals who have filed claims with
FECA. These records contain data elements that identify the claimant, the mailing and/or location
address for the claimant, and additional injury and case status information.

Benefit Payments

FECA claimants may be entitled to compensation for injury and lost wages, schedule awards, death
benefits and payment of medical expenses related to the work-related injury or illness. The payments
for lost wages, schedule awards and death benefits are processed through the Automated
Compensation Payment System (ACPS), while the payments for medical expenses are processed
through the Bill Payment System (BPS). Each of these systems supports the Department of Labor's
general ledger system.

The primary function of ACPS is to process the payment of weekly, monthly, and supplemental
benefits to claimants. The ACPS interfaces with the CMF to ensure that approved claims are
supported by a valid case number. District office personnel input compensation payment data
worksheets into the ACPS.
The inputs onto the payment data worksheets are reviewed for accuracy
by a Senior Claims Examiner. If the information is correct, no further action is required, and
payments will be made during the next appropriate payment cycle.

Approved payments are stored in a temporary file for the duration of the appropriate compensation
payment cycle: Daily Roll (5 days), Death Benefits (28 days), or Disability (28 days). At the end of
the cycle, the mainframe runs automated programs to format the data to Treasury specifications, to
update the compensation payment history files for use in the Chargeback System, and to send
summarized information to the District office Fund Control System. The compensation payment data
are formatted and sent to Treasury via a secure modem over a dedicated line for payment processing.

The primary function of the BPS is to process payments to medical service providers or
reimbursements to claimants for medical expenses incurred for the work-related injury or illness. The
National office has the responsibility of compiling the BPS data on a nightly basis as it is transmitted
from each District office. Medical bills containing charges for other than appliances, supplies,
services or treatment provided and billed for by nursing homes are subject to a medical fee schedule.
The mainframe will run a zip code check and a comparison check of the amount to be paid to fee
schedules in each geographical area. If the amount is in excess of the geographical fee schedule, the
system will limit the payment to the maximum amount in the fee range.
Bills which fail certain edit
codes are identified by the system, excluded from payment and sent to a Bill Resolver at the District
office for further review.

Approved payments are stored in a temporary file for the duration of the bill payment cycle of 5 days.
At the end of the cycle, the mainframe runs programs that format the data to Treasury’s
specifications, update the bill payment history files for use in the Chargeback System, and send
summarized information to the District office Fund Control System. The formatted bill payment data
is then sent to Treasury via a secure modem over a dedicated line for payment processing.

The following charts set forth an overview of transaction processing at DFEC:

Processing of Compensation Payments

[Flowchart. Boxes shown: CA-7, Claims for compensation is received in the Mailroom; CA-7 is
imaged into OASIS; Data Entry Operator keys dates into T-Cup; T-Cup accesses CMF to check for a
valid case number; Electronic case file is accessed by the CE; Claims Examiner reviews CA-7;
Claims Examiner approves or denies claim; Claims Examiner keys approved or denied status into
ACPS; Claim Denied; Claimant is notified of case determination; Claim Accepted; ACPS accesses
CMF to ensure case file number is valid; Payment is set up by CE; Payment is certified by a Sr CE or
equivalent; ACPS stores approved payments for overnight transmission to National mainframe;
Mainframe receives payment data and calculates payment schedule; Mainframe transmits payment
data to District office; CE reviews payment computed by Mainframe; CE approves or does not
approve payment; Claims Examiner re-inputs case and resubmits for processing; Approved payments
are submitted to SrCE for verification; Payments not changed are considered acceptable; Payment
information is transmitted to Treasury.]

Processing of Medical Payments

[Flowchart. Boxes shown: Bill is received in District office mailroom; Bill is date stamped; Bill is
received by Data Entry personnel; Data Entry personnel key payment into BPS; BPS accesses CMF to
verify case number; BPS performs edit checks; BPS processes disposition of edit checks;
SUSPENDED; APPROVED; DENIED; Suspended Items Report; Approved payments are transmitted
to National Mainframe overnight; Notice sent to provider of denial and appeal rights; Suspended bills
are reviewed by Bill Resolver; Bill Resolver approves or denies payment (branches labeled Approved
and Denied); Payment data is received in National office; Payment is generated and sent to provider.]

Computer-Generated Reports

BPS generates a summary report on a weekly basis. The report is a history of bill payments for the
week. This report can be utilized for investigative purposes as well as for confirming whether a
particular bill has been paid.

The ACPS generates a summary report on a daily basis which is a history of compensation payments.
This report can be utilized for investigative purposes as well as for confirming whether a particular
claim has been paid. The mainframe transmits updated ACPS history files to the District offices
where they are available for query purposes for 6 months. The mainframe retains the history files for
query purposes for 2 years before they are archived.

Chargeback System

The ACPS and BPS history files are combined on a quarterly and annual basis into the Chargeback
System (CBS). CBS is used to generate financial data that is interfaced into DOL’s core financial
management system, DOLAR$. CBS also provides a method for tracking intra-governmental
accounts receivable activity and for billing Federal agencies.

DFEC is required to furnish to each agency and instrumentality, before August 15th of each year, a
statement or bill showing the total cost of benefits and other payments made for the program year
which is from July 1 through June 30. CBS creates the bills which are sent to each employing agency
for benefits that have been paid on the agency's behalf.

Each agency is required to include in its annual budget estimates for the fiscal year beginning in the
next calendar year, a request for an appropriation for the amount of these benefits.
These agencies are
to reimburse the Special Benefit Fund the amount appropriated for these benefits within 30 days after
the appropriation is available. If an agency is not dependent on an annual appropriation, then the funds
are to be remitted during the first 15 days of October following the issuance of the bill.

The bills sent to agencies contain identifying codes for both the fiscal year being billed and the fiscal
year in which the bill is to be paid. Each bill sent out in fiscal year 2002 and due in fiscal year 2003
would be coded as follows: 02-XXX-03. The 02 indicates the year the bill is generated, the XXX
indicates the numerical sequence of the bill, and the 03 indicates the year that the bill is due and
payable.

The Intra-Governmental Payment and Collection (IPAC) system is utilized to facilitate the electronic
billing between Federal agencies through Treasury. Agencies can use IPAC to complete payments by
choosing the IPAC payment option in Treasury’s GOALS II system and entering the required payment
information to complete the transaction and transfer funds.

Third Party Settlements

An injury or death for which compensation is payable to a FECA claimant that is caused under
circumstances creating a legal liability on a person or persons other than the United States (a third
party) to pay damages will result in the case being classified as a third party case. Status codes are
used to track the progress of third party cases in the CMF.
OWCP generally requires the claimant to
pursue legal action; however, the United States government can pursue action on its own by requiring
the beneficiary to assign rights of action to the United States.

A letter (CA-1045) is sent to a claimant by the CE when initial injury reports indicate a potential third
party liability. The CA-1045 requests information about the injury, the third party and the actions
taken by the claimant with regard to pursuing a claim against the third party, including the hiring of an
attorney.

When the CE receives a reply to the CA-1045 (or does not receive a reply 30 days after the second
request is sent to the claimant) or obtains the name and address of the attorney representing the
claimant, the case is processed by the CE (in the smaller District offices) or referred to a Designated
Claims Examiner (DCE) (in the larger District offices).

A case may be closed as "minor" and not pursued if the claimant has an injury where the total medical
bills, compensation and time lost from work do not exceed or are not expected to exceed $1,000.
Additionally, a case may only be closed as "minor" if the claimant has not responded to the CA-1045,
or has responded but is not personally asserting a third party claim and has not retained an attorney.

The DCE refers the case to the appropriate DOL, Office of the Solicitor (SOL) in the following
instances:
• the case is not minor and advice is received that the claimant is negotiating a settlement;
• advice is received that the claimant has retained an attorney to handle the third party action,
  regardless of the amount of disbursements;
• the case is not minor and the claimant refuses to pursue the third party claim or does not reply to
  the CA-1045; and,
• the case involves a death claim, a permanent disability, Job Corps, Peace Corps, VISTA, an injury
  occurring outside the United States or Canada, a common carrier as the potential defendant,
  malpractice, product liability or an injury to more than one employee.

Once referred to SOL, the DCE performs certain actions to ensure that the case is properly tracked
while at SOL. For instance, after the initial referral, an updated disbursement statement is furnished to
the SOL within 5 working days of receipt of the request. Termination or changes in periodic roll
payments must be reported to the SOL immediately. Additionally, the DCE requests a status report
from the SOL at 6-month intervals.

When a settlement is reached in a third party case, the DCE prepares a Form CA-164, which is a
summary of all disbursements made to the claimant for compensation payments and to medical
providers on the claimant's behalf, and forwards it to the Fiscal Section. If an amount owed from the
claimant is received by OWCP, the amount is credited against the ACPS and BPS, as appropriate. By
recording the amount in the ACPS and BPS, the proper employing agency is credited with the
amounts recovered from third party settlements.

If a full reimbursement from the third party refund is not received by OWCP from the claimant, an
accounts receivable balance is set up for the amount still due.
If the amount recovered by the claimant
exceeds the amount already paid by OWCP to the claimant for compensation and medical benefits,
then the excess amount recovered by the claimant is recorded and tracked in the case file to prohibit
any additional benefits from being paid to the claimant until the amount of eligible benefits to the
claimant exceeds the excess amount.

OVERVIEW OF COMPUTER INFORMATION SYSTEMS

The computerized accounting system used by the Federal Employees' Compensation Special Benefit
Fund maintains the data for each of the claimants applying for FECA benefits. The Federal
Employees' Compensation System (FECS) is the electronic data processing system for FECA benefits.
This computer system is comprised of the following five subsystems:

          •   Automated Compensation Payment System (ACPS)
          •   Medical Bill Payment System (BPS)
          •   Case Management File (CMF)
          •   Debt Management System (DMS)
          •   Chargeback System (CBS)

The FECS provides authorized users with on-line access to the various subsystems for file
maintenance and information purposes.
Access to the FECS through computer terminals located in
the National and 12 District offices permits authorized users to perform a variety of functions, such as
query, add, and update claims data, track claims and overpayments, calculate retroactive benefit
payments and enroll approved claimants for benefits on the FECS.

In addition to storing information relevant to claims adjudication, benefit entitlement and payment
status, the FECS generates reports primarily used by management in administering the FECA
Program. The System also processes payments for covered medical expenses and monthly and
supplemental benefit payments to or on behalf of program beneficiaries.

Access to the FECS is limited to only certain employees, and their degree of access is based upon the
users’ functions within the program. The FECA ADP Security Officer within the Branch of ADP
Coordination and Control is responsible for assigning passwords and other procedures required to
permit access to the FECS at the National office; District System Managers are responsible for
assigning passwords and other procedures required to permit access to the FECS at the District office
level.
Controls to restrict access to the FECS to authorized personnel, at both the National and District
office level, include the following:

•   A security briefing is given for each person having access to the system;
•   Access and an access profile for authorized users are established through a security software
    package (Access Control Facility);
•   Computer Information Control System establishes terminal access to the host computer;
•   Log-on attempts are restricted to three attempts;
•   An audit trail report of unauthorized attempts to access the system is available;
•   Terminals are secured in locked rooms at the end of the work day; and
•   Written procedures exist for both physical hardware and software security.

Organization and Administration

A System Administrator within DFEC’s Branch of ADP Coordination and Control is responsible for
overseeing all data processing activities at the National office level. DFEC has contracts with outside
computer consulting firms who provide software development and maintenance and network and
computer hardware maintenance for DFEC.

At each District office, a System Manager is responsible to the District Director and Regional Director
for overseeing all the data processing activity performed at the District office level (including user
access). The System Managers are under the supervision of the Division of Information Technology
Management and Services (DITMS). DITMS includes both Federal government employees and
outside contractors. The System Managers have access to system data for report generation and
submission purposes.
The System Managers can only extract information from the database, not
change any of the source codes (i.e., programs).

The function of the DITMS is to maintain computer networks, operating systems and computer
hardware systems. The DITMS installs all of the data processing applications and modifications
developed by DFEC. In addition, DITMS employs and supervises all District office system managers
and subordinate staff.

Operations

DOL’s Directorate of Information Resource Management (DIRM) contracted with SunGard
eSourcing, Inc. (SunGard), for computer mainframe time-sharing services. SunGard provides
computer hardware and a communications network between the National office, the District offices
and the U.S. Treasury. In addition, SunGard maintains a tape library and disk drive backup.

FECS encompasses four levels of hardware, software, communications, supplies and facility
resources: SunGard mainframe, National office Sequent minicomputers, District office Sequent
minicomputers and the user and programmer development terminal personal computers with
authorized access into the mainframe or minicomputer system.

Formal operator and user manuals are available for some components of the system. The software
contains extensive input edit checks. Errors are automatically rejected by the system and queued for
review by the appropriate individuals.
Reports that track the errors, including aging information, are
routinely produced.

Documentation

Hardware: DITMS maintains an extensive list of the hardware used in the FECS processing at all
sites.

Software: DITMS maintains an extensive list of the third party software used in the FECS processing
which includes operating system software, compilers and utilities. DFEC is responsible for the
maintenance of FECS application software. OWCP requests hardware and software modifications,
DFEC designs and tests the modifications, and DITMS installs the modifications.

Acceptance testing is performed using an environment that closely copies the development
environment. The procedures used for the acceptance testing vary according to subsystem. No
formal documentation of the acceptance testing is maintained. However, DFEC maintains a history of
all prior source code versions which provides evidence of all modifications of the source code.

The System Administrator has two assistants. One is responsible for computer design development,
programming and analysis, and the other is responsible for evaluating the testing of all new and
modified source codes (programming) including the distribution to the District offices and the
supervision of all staff programmers.

Anti-Virus Control

The FECS currently runs a variety of anti-virus or virus checking routines. Each file server runs an
anti-virus module resident on the server. Anti-virus software is used to scan disks to identify and
remove viruses.
All of the personal computers utilize anti-virus software that can be run in a
scheduled or unscheduled ad hoc mode.

CONTROL OBJECTIVES AND RELATED CONTROLS

DFEC's control objectives and related controls are included in Section 3C of this report, "Information
Provided by the Service Auditor," to eliminate the redundancy that would result from listing them
here. Although the control objectives and related controls are included in Section 3C, they are,
nevertheless, an integral part of DFEC's description of controls.

USER CONTROL CONSIDERATIONS

DFEC's processing of transactions and the controls over transaction processing were designed with the
assumption that certain internal controls would be in operation at user organizations to complement
the controls at DFEC. User auditors should determine whether user organizations have established
internal controls that ensure the following:
• Employing agencies understand their responsibilities under FECA.
• Employing agencies provide injured employees with accurate and appropriate information
    regarding injuries covered under FECA, including the employees' rights and obligations and claim
    forms.
• Employing agencies timely and accurately report all work-related injuries and deaths to DFEC via
    the injury and death reporting forms such as the CA-1, CA-2, and CA-5, once completed by
    the injured employee or claimant in the case of death.
    Supervisors should encourage persons
    witnessing injuries to record and report what was witnessed to DFEC.
• Employing agencies provide complete and accurate information regarding a claimant’s rate of pay,
    hours worked, leave taken, and continuation of pay to DFEC.
• Employing agencies promptly controvert questionable claims.
• Employing agencies monitor the medical status of injured employees to be aware of what work the
    injured employee is capable of to enable the employing agency to provide additional information
    on the requirements of a position, or modified position, when applicable.
• Employing agencies assist DFEC in returning employees to work by establishing or identifying
    positions, either modified or light-duty, to return the injured employee to work as early as possible.
    The employing agency also needs to inform DFEC directly of the positions available.
• Employing agencies review the chargeback coding notification (postcard) sent by DFEC when an
    injury report is received to ensure the individual will be charged to the proper agency and
    department.
• Employing agencies review quarterly chargeback billings to ensure that each injured employee
    charged to their department and agency is an employee or former employee of the agency, and
    that the amounts charged for compensation costs appear reasonable in light of the injured
    employee's compensation and the date of injury.

                                             SECTION 3C
                            Information Provided by the Service Auditor

OVERVIEW OF INFORMATION PROVIDED

This report is intended to provide users of the FECA Special Benefit Fund with information about the
controls at the DFEC that may affect the processing of user organizations' transactions, general
computer controls and
also to provide users with information about the operating effectiveness of the
controls that were tested. This report, when combined with an understanding and assessment of the
internal controls at user organizations, is intended to assist user auditors in (1) planning the audit of
the user organizations' financial statements and (2) assessing control risk for assertions in user
organizations' financial statements that may be affected by controls at DFEC.

Our testing of DFEC's internal controls was restricted to the control objectives and the related controls
listed in this section of the report and was not extended to procedures described in Section 3B but not
included in this section or to procedures that may be in effect at user organizations. It is each user
auditor's responsibility to evaluate this information in relation to the internal controls in place at each
user organization. If certain complementary controls are not in place at user organizations, DFEC's
internal controls may not compensate for such weaknesses.

TESTS OF CONTROL ENVIRONMENT ELEMENTS

The control environment represents the collective effect of various elements in establishing, enhancing
or mitigating the effectiveness of specific controls. In addition to tests of operating effectiveness of
the controls listed in this section of this report, our procedures also included tests of and consideration
of the relevant elements of the DFEC's control environment including:
               • DFEC's organizational structure and the segregation of duties
               • Management control methods
               • Management policies and procedures

Such tests included inquiry of appropriate management, supervisory, and staff personnel; inspection of
DFEC's documents and records; and observation of DFEC's activities and operations.
The results of
these tests were considered in planning the nature, timing, and extent of our tests of the specified
controls related to the control objectives described within this report.

TESTS OF GENERAL COMPUTER CONTROLS

The Department of Labor, Office of Inspector General, adopted an Information Technology Rotation
Strategy which targets specific DOL financial and financial-related systems for reviews to be
performed during each audit cycle. The intent of the Audit Rotation Strategy is to ensure that all
critical applications are given a complete FISCAM audit over an approximately 5-year period. Based
on the review of prior year results, not every general control will be tested yearly. The strategy is
reviewed and updated annually to ensure risk considerations are addressed. In FY 2003, audit
procedures related to general computer controls were performed in the areas of Entity-wide Security
Program Planning and Management, Access Controls, and Service Continuity on the Federal
Employees’ Compensation System in accordance with the FISCAM.

SAMPLING METHODOLOGY

To facilitate the testing of transaction processing controls, we developed a sampling plan as outlined
below.

We performed tests on a sample of compensation for lost wages, schedule awards, death benefits and
medical benefit payments paid during the period October 1, 2002, to April 30, 2003, at 5 of 12 District
offices. The sample design involved a two-stage process.

The first stage in our sample design was the selection of District offices. District offices were
randomly selected by first forming two strata of the districts and then taking all the districts from the
first stratum, and selecting two districts from the second stratum.
This procedure resulted in the selection
of five District offices. The five District offices comprised approximately $796 million of the
$1.398 billion, or 57 percent, of FECA payments during the seven-month period ended April 30, 2003.

The second stage of the sample design was the selection of sampling units. The sampling units were a
medical bill or the total compensation payments paid to a single case number for the sampling period.
The universe of the sample districts was stratified into 13 strata for the compensation payments and
into 12 strata for the medical payments. The sample size was determined for each of the 13 strata for
compensation and 12 strata for the medical payments using the following parameters:

              •   Total number of items and dollar value of the stratum universe;
              •   Estimated variance within each stratum;
              •   95% confidence level (5% risk of incorrect acceptance);
              •   Variable sampling precision (2% to 7%) of the point estimate; and

Using statistical formulas, these parameters yielded a total sample of 416 items. Of the total sample,
238 were medical payments and 178 were compensation payments.
The sample items were then
randomly selected.

Our detailed substantive testing was performed at the following District offices with the following
number of items tested:

          District Office          Number of Statistical Items
          Philadelphia                         78
          Jacksonville                         89
          Denver                               72
          San Francisco                        98
          Washington                           79
          Total                               416

Our testing at the District offices consisted of control tests in the following categories:

       •   Case Creation
       •   Initial Eligibility
       •   File Maintenance
       •   Continuing Eligibility - Medical Evidence
       •   Continuing Eligibility - Earnings Information
       •   Payment Processing
       •   Schedule Awards
       •   Death Benefits
       •   Medical Bill Payment Processing
       •   Third Party Settlements

The number of sample items for control tests was statistically selected based on the sampling plan
detailed previously. The number of sample items tested was determined based on the number of items
to which the test of controls applied. The control tests would not be applicable to some sample items
due to factors such as the age of the injury.
Additional testing was performed on items that were
selected in a non-statistical method as follows:

Initial Eligibility Cases

Audit queries were generated which determined all of the cases in which claimants were injured and
began receiving compensation during the sampling period of October 1, 2002, to April 30, 2003. From
a population of 19,855 initial eligibility cases in the 5 District offices tested, 10 cases per District
office, for a total sample of 50, were selected. We reviewed the case files to ensure that the proper
procedures had been followed in determining whether or not the claimants were eligible to receive
benefit payments and whether benefit payments were paid at the correct amount.

Multiple Claim Payments

Audit queries were generated which compared certain elements of each compensation payment made
during the period October 1, 2002, through April 30, 2003. The query compared case files in which
the social security number was the same for multiple case files. This situation would normally occur
when an employee has suffered more than one injury, as a separate case number is assigned for each
injury. We selected a sample of 50 multiple claim compensation payment items to be tested and
analyzed the payments to ensure that a claimant was not receiving excessive or overlapping
compensation.

Third Party

Audit queries were generated which determined all claimants that had a third party status indicator in
the CMF.
We then randomly selected 50 cases from a population of 263 cases with third party
indicators, active within the sampling period, in the District offices in which test work was to be
performed.

Current Medical Evidence

Audit queries were generated which determined all claimants with a short-term disability status, on
which compensation was currently being paid, but for which no medical payments were made in the
past 2 years, to determine which cases may not have current medical evidence. We then randomly
selected 50 cases from a population of 10,572 cases which met our query definition, in the District
offices in which testwork was to be performed.

Summary of Sample Items

The following sample items were selected for substantive testing of transactions:

                                                                  San            Sub-    Sub-
Sample Type                Philadelphia  Jacksonville  Denver  Francisco  D.C.   total   total   Total
Lost Wages (S)                  30            31         22       29       19     131
Death (S)                        1             1          0        5        9      16     178
Schedule Award (S)               1             8          6        8        8      31             416
Medical Bills (S)               46            49         44       56       43             238
Initial Eligibility (N)         10            10         10       10       10              50
                                                                                                  100
Multiple Claim (N)              10            10         10       10       10              50
Potential Duplicates (N)         -            10         10       10       20                      50

The following sample items were selected for testing of internal controls:

                                                                  San            Sub-    Sub-
Sample Type                Philadelphia  Jacksonville  Denver  Francisco  D.C.   total   total   Total
Lost Wages (S)                  22            23         20       19       15      99
Death (S)                        1             1          0        5        9      16     146
Schedule Award (S)               1             8          6        8        8      31             265
Medical Bills (S)               23            24         24       24       24             119
Initial Eligibility (N)         10            10         10       10       10                      50
Third Party (N)                  6            10         10       10       14                      50
Current Medical (N)             10            10         10       10       10                      50

(S) – Statistically selected sample
(N) – Non-statistically selected sample

CONTROL OBJECTIVES, RELATED CONTROLS, AND TESTS OF CONTROLS

This section presents the following information provided by the DFEC:

•   The control objectives specified by management of DFEC.

•   The controls established and specified by DFEC to achieve the specified control objectives.

Also included in this section is the following information provided by the service auditor:

•   A description of the tests performed in regard to the described controls by the service auditor to
    determine whether DFEC's controls were operating with sufficient effectiveness to achieve stated
    control objectives.

•   The results of the service auditors' tests of the described controls.
                                  General Computer Controls

Control Objective: General Computer Controls - Controls provide reasonable assurance that DFEC
has generally established computer controls over entity-wide security program planning and
management, access controls, application software development and change controls, segregation of
duties, systems software, and service continuity.

Description of Controls

Entity-wide Security Program Planning and Management

ESA, of which DFEC is a division, periodically assesses risk through independent risk assessments
that are performed and documented on a regular basis or whenever systems, facilities, or other
conditions change. The risk assessments consider data sensitivity and integrity and range of risks to
the entity's systems and data; and, final risk determinations and related management approvals are
documented and maintained on file.

ESA has a security program plan that: covers all major facilities and operations, has been approved by
key affected parties, and covers the topics prescribed by OMB Circular A-130 (general support
systems/major applications): Rules of the system/Application rules; Training/Specialized training;
Personnel controls/Personnel security; Incident response capability/Continuity of support/Contingency
planning; Technical security/Technical controls; System interconnectivity/Information sharing; public
access controls; access controls; application software development and change controls; segregation of
duties; systems software; and service continuity. The plan is reviewed periodically and adjusted to
reflect current conditions and risks.

ESA’s security program plan establishes a security management structure with adequate
independence, authority, and expertise.
An Information Systems Security Manager has been
appointed at an overall level and at appropriate subordinate levels.

The security plan clearly identifies who owns computer-related resources and who is responsible for
managing access to computer resources. Security responsibilities and expected behaviors are clearly
defined for: (1) information resource owners and users; (2) information resources management and
data processing personnel; (3) senior management; and (4) security administrators.

ESA has implemented an ongoing security awareness program that includes first-time training for all
new employees, contractors, and users, and periodic refresher training thereafter. Security policies are
distributed to all affected personnel, including system/application rules and expected behaviors.

ESA's incident response capability has the characteristics suggested by industry standards which are:
use of virus detection software; an understanding of the constituency being served; an educated
constituency that trusts the incident handling team; a means of prompt centralized reporting; response
team members with the necessary knowledge, skills, and abilities; and links to other relevant groups.

Regularly scheduled vacations exceeding several days are encouraged, and the individual's work is
temporarily reassigned.
Termination and transfer procedures include: exit interview procedures; return
of property, keys, identification cards, passes, etc.; notification to security management of
terminations and prompt revocation of IDs and passwords; immediately escorting terminated
employees out of the entity's facilities; and identifying the period during which non-disclosure
requirements remain in effect.

Skill needs are accurately identified and included in job descriptions, and employees meet these
requirements. A training program has been developed. Employee training and professional
development are documented and monitored.

ESA’s Information Systems security program is subject to periodic reviews. Major systems and
applications are accredited by the managers whose missions they support.

Tests of Described Controls                                                Results of Tests

Reviewed risk assessment policies, the most recent high-level risk         No exceptions were noted.
assessment, and the objectivity of personnel who performed and reviewed
the assessment.

Reviewed the security plan and determined whether the plan covered the     No exceptions were noted.
topics prescribed by OMB Circular A-130 and reviewed any related
documentation which indicated that the security plan had been reviewed
and updated, and was current.

Interviewed the security management staff and Security Manager to          No exceptions were noted.
determine whether the entity had a security plan and organization chart.

Reviewed documentation supporting or evaluating the security awareness     No exceptions were noted.
program, memos, electronic mail files, or other policy distribution
mechanisms, and personnel files to test whether security awareness
statements are current.

Interviewed data owners and system users to determine what training        All 19 newly hired FECA employees had no
newly hired employees had received and if they were aware of their         evidence that initial security training had been
security-related responsibilities.                                         completed. No other exceptions were noted.

Interviewed the Security Manager, response team members, and system        No exceptions were noted.
users to determine whether an incident response capability has been
implemented.

Reviewed documentation supporting incident handling activities.            No exceptions were noted.

Reviewed hiring policies, reinvestigation policies, policies on            DOL Human Resources has not established
confidentiality or security agreements, vacation policies, job rotation    policies or procedures for ESA to follow
policies, staff assignment records, and other pertinent policies and       concerning background checks or
procedures.                                                                reinvestigations. No other exceptions were
                                                                           noted.

For a selection of recent hires, inspect personnel records and determine   DOL Human Resources has not established
whether references have been contacted and background checks               policies or procedures for ESA to follow
performed. For a selection of sensitive positions, inspect personnel       concerning background checks or
records and determine whether background reinvestigations have been        reinvestigations. No other exceptions were
performed.                                                                 noted.

Determined whether confidentiality or security agreements are on file for  DOL Human Resources has no policies or
a selection of users. For a selection of terminated or transferred         procedures for FECA to follow concerning
employees examine documentation showing compliance with policies.          confidentiality agreements for DOL employees.
Compared a system generated list of users to a list of active user         No other exceptions were noted.
employees.

Reviewed job descriptions for security management personnel and a          No exceptions were noted.
selection of other personnel. For a selection of employees, compared
personnel records on education and experience with job descriptions.
Reviewed training program documentation, training records, and other
related documentation for selected personnel.

Reviewed reports resulting from recent assessments (including the most     An independent review of the FECS controls
recent FMFIA report), written authorizations or accreditation statements,  has not been conducted by OWCP. No other
and documentation related to corrective actions. Determined when last      exceptions were noted.
independent review occurred.

Reviewed the status of prior year audit recommendations to determine if    ESA has implemented corrective action plans.
corrective actions have been implemented.

Access Controls

Classifications and criteria have been established and communicated to resource owners.
Resources are classified based on risk assessments; classifications are documented and approved by an
appropriate senior official and are periodically reviewed.

Access authorizations are documented on standard forms and maintained on file, approved by senior
managers, and securely transferred to security managers. Owners periodically review access
authorization listings and determine whether they remain appropriate. The number of users who can
dial into the system from remote locations is limited and justification for such access is documented
and approved by owners.

Security managers review access authorizations and discuss any questionable authorizations with
resource owners. All changes to security profiles by security managers are automatically logged and
periodically reviewed by management independent of the security function. Unusual activity is
investigated. Security is notified immediately when system users are terminated or transferred.

Emergency and temporary access authorizations are documented on standard forms and maintained on
file, approved by appropriate managers, securely communicated to the security function; and
automatically terminated after a predetermined period.

Standard forms are used to document approval for archiving, deleting, or sharing data files. Prior to
sharing data or programs with other entities, agreements are documented regarding how those files are
to be protected. Facilities housing sensitive and critical resources have been identified. All significant
threats to the physical well-being of sensitive and critical resources have been identified and related
risks determined. Access is limited to those individuals who routinely need access through the use of
guards, identification badges, or entry devices, such as key cards. Management regularly reviews the
list of persons with physical access to sensitive facilities.
Keys or other access are needed to enter the computer room and tape/media library. All deposits and
withdrawals of tapes and other storage media from the library are authorized and logged. Unissued
keys or other entry devices are secured. Emergency exit and re-entry procedures ensure that only
authorized personnel are allowed to reenter after fire drills, etc.

Visitors to sensitive areas, such as the main computer room and tape/media library, are formally
signed in and escorted. Entry codes are changed periodically. Visitors, contractors, and maintenance
personnel are authenticated through the use of preplanned appointments and identification checks.

Passwords are unique for specific individuals, not groups; controlled by the assigned user and not
subject to disclosure; changed periodically; not displayed when entered; at least six alphanumeric
characters in length; and prohibited from reuse for at least six generations. Use of names or words is
prohibited. Vendor-supplied passwords are replaced immediately. Generic user IDs and passwords
are not used. Attempts to log on with invalid passwords are limited to three attempts.

Personnel files are automatically matched with actual system users to remove terminated or
transferred employees from the system. Password files are encrypted. For other devices, such as
tokens or key cards, users maintain possession of their individual tokens, cards, etc., and understand
that they must not loan or share these with others and must report lost items immediately.

An analysis of the logical access paths is performed whenever system changes are made. Security
software is used to restrict access.
Access to security software is restricted to security administrators only. Computer terminals are
automatically logged off after a period of inactivity. Inactive users' accounts are monitored and
removed when not needed. Security administration personnel set parameters of security software to
provide access as authorized and restrict access that has not been authorized. This includes access to
data files, load libraries, batch operational procedures, source code libraries, security files, and
operating system files. Naming conventions are used for resources.

Database management systems (DBMS) and data dictionary controls have been implemented that
restrict access to data files at the logical data view, field, or field-value level; control access to the data
dictionary using security profiles and passwords; maintain audit trails that allow monitoring of
changes to the data dictionary; and provide inquiry and update capabilities from application program
functions, interfacing DBMS or data dictionary facilities. Use of DBMS utilities is limited. Access
and changes to DBMS software are controlled.
Access to security profiles in the data dictionary and security tables in the DBMS is limited.

Communication software has been implemented to verify terminal identifications in order to restrict
access through specific terminals; verify IDs and passwords for access to specific applications; control
access through connections between systems and terminals; restrict an application's use of network
facilities; protect sensitive data during transmission; automatically disconnect at the end of a session;
maintain network activity logs; restrict access to tables that define network options, resources, and
operator profiles; allow only authorized users to shut down network components; monitor dial-in
access by monitoring the source of calls or by disconnecting and then dialing back at pre-authorized
phone numbers; restrict in-house access to telecommunications software; control changes to
telecommunications software; ensure that data are not accessed or modified by an unauthorized user
during transmission or while in temporary storage; and restrict and monitor access to
telecommunications hardware or facilities.

In addition to logical controls: the opening screen viewed by a user provides a warning and states that
the system is for authorized use only and that activity will be monitored; dial-in phone numbers are
not published and are periodically changed; and cryptographic tools have been implemented to protect
the integrity and confidentiality of sensitive and critical data and software programs. Procedures have
been implemented to clear sensitive data and software from discarded and transferred equipment and
media.
All activity involving access to and modifications of sensitive or critical files is logged.

Security violations and activities, including failed logon attempts, other failed access attempts, and
sensitive activity, are reported to management and investigated. Security managers investigate security
violations and report results to appropriate supervisory and management personnel. Appropriate
disciplinary actions are taken. Violations are summarized and reported to senior management. Access
controls are modified when violations and related risk assessments indicate that such changes are
appropriate.

Tests of Described Controls                                                           Results of Tests

Reviewed policies and procedures and resource classification documentation            No exceptions were noted.
and compared to risk assessments. Discussed any discrepancies with
appropriate officials. Interviewed resource owners.

Reviewed pertinent written policies and procedures. For a selection of users,         Network Access Request Forms were
(both application user and IS personnel), reviewed access authorization               not on file for 17 of 19 newly hired
documentation. Interviewed owners and reviewed supporting documentation.              FECA users. No other exceptions were
Determined whether inappropriate access was removed in a timely manner. For           noted.
a selection of users with dial-up access, reviewed authorization and justification.
Interviewed security managers and reviewed documentation provided to them.
Reviewed a selection of recent profile changes and activity logs.
Obtained a list of recently terminated employees from Personnel, and for a
selection, determined whether system access was properly terminated.

Compared a selection of both expired and active temporary and emergency               No exceptions were noted.
authorizations (obtained from the authorizing parties) with a system-generated
list of authorized users. Determined the appropriateness of access
documentation.

Examined standard approval forms and documents authorizing file sharing and           Standard Data Sharing Forms were not
file sharing agreements. Interviewed data owners.                                     provided. No other exceptions were
                                                                                      noted.

Reviewed a diagram of the physical layout of the computer telecommunications          No exceptions were noted.
and cooling system facilities. Walked through facilities.

Reviewed access path diagram.                                                         No exceptions were noted.

Observed entries to and exits from the facilities, including sensitive areas during   No exceptions were noted.
and after normal business hours, utilities access paths, practices for safeguarding
keys and other devices and a fire drill. Inspected a log sheet.
Reviewed written emergency procedures.

Selected from the log some returns and withdrawals, verified the physical             No exceptions were noted.
existence of the tape or other media, and determined whether proper
authorization was obtained for the movement.

Reviewed visitor entry logs. Observed entries to and exits from sensitive areas       No exceptions were noted.
during and after normal business hours. Interviewed guards at facility entry.
Reviewed documentation on and logs of entry code changes. Observed
appointment and verification procedures for visitors.

Reviewed security software parameters. Observed an attempt to log on without          No exceptions were noted.
a valid password; make repeated attempts to guess passwords. Reviewed a
system generated list of current passwords. Assessed procedures for generating
and communicating passwords to users. Viewed dump of password files.
Reviewed computer room access policy and procedures to evaluate
sophisticated authentication techniques.

Observed terminals in use. Reviewed a system generated list of inactive logon         ESA's network does not have an idle
IDs. Determined who had access to security files and whether naming                   time network log out feature activated.
conventions are used. Interviewed database administrators. Reviewed database          No other exceptions were noted.
security parameters.

Reviewed pertinent policies and procedures. Viewed the opening screen by              No exceptions were noted.
telecommunication system users.
Reviewed documentation showing changes to dial-in numbers. Run entity's
telephone directory to verify that numbers are not listed.

Evaluated cryptographic tools.                                                        No exceptions were noted.

Reviewed written procedures. Interviewed personnel responsible for clearing           No exceptions were noted.
equipment and media. For a selection of recently discarded or transferred items,
examined documentation related to clearing of data and software.

Reviewed security software settings to identify types of activity logged, security    No exceptions were noted.
violation reports and documentation showing reviews of questionable activities.

Reviewed how access control policies and procedures are changed. Tested a             No exceptions were noted.
selection of security violations to verify that follow-up investigations were
performed and to determine what actions were taken against the perpetrator.

Application Software Development and Change Control

System Development Life Cycle (SDLC) methodology has been developed that provides a structured
approach consistent with generally accepted concepts and practices, including active user involvement
throughout the process, is sufficiently documented to provide guidance to staff with varying levels of
skill and experience, provides a means of controlling changes in requirements that occur over the
system's life, and includes documentation requirements. Program staff and staff involved in
developing and testing software have been trained and are familiar with the use of the organization's
SDLC methodology.

Software change request forms are used to document requests and related approvals. Change requests
must be approved by both system users and data processing staff. Clear policies restricting the use of
personal and public domain software have been developed and are enforced.
DFEC uses virus identification software.

Test plan standards have been developed for all levels of testing that define responsibilities for each
party (e.g., users, system analysts, programmers, auditors, quality assurance, library control). Detailed
system specifications are prepared by the programmer and reviewed by a programming supervisor.
Software changes are documented so that they can be traced from authorization to the final approved
code, and they facilitate the "trace-back" of code to design specifications and functional requirements
by system testers. Test plans are documented and approved that define responsibilities for each party
involved (e.g., users, systems analysts, programmers, auditors, quality assurance, library control).
Unit, integration, and system testing are performed and approved in accordance with the test plan and
applying a sufficient range of valid and invalid conditions.

A comprehensive set of test transactions and data has been developed that represents the various
activities and conditions that will be encountered in processing. Live data is not used in testing
program changes, except to build test data files. Test results are reviewed and documented. Program
changes are moved into production only upon documented approval from users and system
development management.

Documentation is updated for software, hardware, operating personnel, and system users when a new
or modified system is implemented.
Data center management and/or the security administrators periodically review production program
changes to determine whether access controls and change controls have been followed.

Emergency changes are documented and approved by the operations supervisor, formally reported to
computer operations management for follow-up, and approved after the fact by programming
supervisors and user management.

Standardized procedures are used to distribute new software for implementation. Implementation
orders, including effective date, are provided to all locations where they are maintained on file.
Library management software is used to produce audit trails of program changes, maintain program
version numbers, record and report program changes, maintain creation/date information for
production modules, maintain copies of previous version, and control concurrent updates.

Tests of Described Controls                                                         Results of Tests

Reviewed prior year FISCAM audit work papers to determine nature, timing            No exceptions were noted.
and extent of the testing performed related to application software development
and change control and results of testing.

Reevaluated plan for rotation testing of controls to determine any limitations or   No control changes noted. Rotation
modifications applicable for FY2003. Interviewed senior management to update        plan is reasonable.
understanding of controls in the current fiscal year.

System Software

Policies and procedures for restricting access to systems software are kept up-to-date.
Access to system software is restricted to a limited number of personnel, corresponding to job
responsibilities. Application programmers and computer operators are specifically prohibited from
accessing system software. Documentation showing justification and management approval for access
to system software is kept on file. The access capabilities of system programmers are periodically
reviewed for propriety to see that access permissions correspond with job duties.

Policies and procedures for using and monitoring use of system software utilities are kept up-to-date.
Responsibilities for using sensitive system utilities have been clearly defined and are understood by
systems programmers. Responsibilities for monitoring use are defined and understood by technical
management. The use of sensitive system utilities is logged using access control software reports or
job accounting data (e.g., IBM's System Management Facility).

The use of privileged system software and utilities is reviewed by technical management.
Inappropriate or unusual activity in using utilities is investigated. System programmers' activities are
monitored and reviewed. Management reviews are performed to determine that control techniques for
monitoring use of sensitive system software are functioning as intended and that the control
techniques in place are maintaining risks within acceptable levels (e.g., periodic risk assessments).

Policies and procedures are kept up-to-date for identifying, selecting, installing, and modifying system
software. Procedures include an analysis of costs and benefits and consideration of the impact on
processing reliability and security. Procedures exist for identifying and documenting system software
problems.
This should include using a log to record the problem, the name of the individual assigned
to analyze the problem, and how the problem was resolved.

New system software versions or products and modifications to existing system software receive
proper authorization and are supported by a change request. New system software versions or
products and modifications to existing system software are tested, and the test results are approved
before implementation.

Procedures include: a written standard that guides the testing, which is conducted in a test rather than
production environment; specification of the optional security-related features to be turned on, when
appropriate; review of test results by technically qualified staff who document their opinions on
whether the system software is ready for production use; and review of test results and documented
opinions by data center management prior to granting approval to move the system software into
production use.

Procedures exist for controlling emergency changes. Procedures include: authorizing and documenting
emergency changes as they occur; reporting the changes for management review; and review by an
independent IS supervisor of the change.

Installation of system software is scheduled to minimize the impact on data processing and advance
notice is given to system users. Migration of tested and approved system software to production use is
performed by an independent library control group. Outdated versions of system software are
removed from production libraries. Installation of all system software is logged to establish an audit
trail and reviewed by data center management.
Vendor-supplied system software is still supported by the vendor. All system software is current and
has current and complete documentation.

Tests of Described Controls                                                         Results of Tests

Reviewed prior year FISCAM audit work papers to determine nature, timing            No exceptions were noted.
and extent of the testing performed related to systems software and results of
testing.

Reevaluated plan for rotation testing of controls to determine any limitations or   No control changes noted. Rotation
modifications applicable for FY2003. Interviewed senior management to update        plan is reasonable.
understanding of controls in the current fiscal year.

Segregation of Duties

Policies and procedures for segregating duties exist and are up-to-date. Distinct systems support
functions are performed by different individuals, including the following: IS management, system
design, application programming, systems programming, quality assurance/testing, library
management/change management, computer operations, production control and scheduling, data
control, data security, data administration, and network administration.

No individual has complete control over incompatible transaction processing functions. Specifically,
the following combination of functions are not performed by a single individual: data entry and
verification of data, data entry and its reconciliation to output, input of transactions for incompatible
processing functions (e.g., input of vendor invoices and purchasing and receiving information), and
data entry and supervisory authorization functions (e.g., authorizing a rejected transaction to continue
processing that exceeds some limit requiring a supervisor's review and approval).

Data processing personnel are not users of information systems. They and security managers do not
initiate, input, or correct transactions.
Day-to-day operating procedures for the data center are adequately documented and prohibited
actions are identified. Regularly scheduled vacations and periodic job/shift rotations are required.

Documented job descriptions accurately reflect assigned duties and responsibilities and segregation of
duty principles. Documented job descriptions include definitions of the technical knowledge, skills,
and abilities required for successful performance in the relevant position and can be used for hiring,
promoting, and performance evaluation purposes.

All employees fully understand their duties and responsibilities and carry out those responsibilities in
accordance with their job descriptions. Senior management is responsible for providing adequate
resources and training to ensure that segregation of duty principles are understood and established,
enforced, and institutionalized within the organization. Responsibilities for restricting access by job
positions in key operating and programming activities are clearly defined, understood, and followed.

Staff's performance is monitored on a periodic basis and controlled to ensure that objectives laid
out in job descriptions are carried out. Management reviews are performed to determine that control
techniques for segregating incompatible duties are functioning as intended and that the control
techniques in place are maintaining risks within acceptable levels (e.g., periodic risk assessments).

Detailed, written instructions exist and are followed for the performance of work. Operator instruction
manuals provide guidance on system operation. Application run manuals provide instruction on
operating specific applications.
Operators are prevented from overriding file label or equipment error messages.

Personnel are provided adequate supervision and review, including each shift for computer operations.
All operator activities on the computer system are recorded on an automated history log. Supervisors
routinely review the history log and investigate any abnormalities. System startup is monitored and
performed by authorized personnel. Parameters set during the initial program load (IPL) are in
accordance with established procedures.

Tests of Described Controls                                                           Results of Tests

Reviewed prior year FISCAM audit work papers to determine nature, timing              No exceptions were noted.
and extent of the testing performed related to segregation of duties and results of
testing.

Reevaluated plan for rotation testing of controls to determine any limitations or     No control changes noted. Rotation
modifications applicable for FY2003. Interviewed senior management to update          plan is reasonable.
understanding of controls in the current fiscal year.

Service Continuity

ESA has drafted a disaster recovery plan which lists critical operations and data and that prioritizes
data and operations, reflects current conditions and identifies and documents resources supporting
critical operations such as computer hardware, computer software, computer supplies, system
documentation, telecommunications, office facilities and supplies, and human resources.

Within ESA's draft disaster recovery, emergency processing priorities have been documented.
Backup files are created on a prescribed basis and rotated off-site often enough to avoid disruption if
current files are lost or damaged. System and application documentation is maintained at the off-site
storage location.
The backup storage site is geographically removed from the primary site, and
protected by environmental controls and physical access controls.

Fire suppression and prevention devices have been installed and are working, e.g., smoke detectors,
fire extinguishers, and sprinkler systems. Controls have been implemented to mitigate other disasters,
such as floods, earthquakes, etc. Redundancy exists in the air cooling system. An uninterruptible
power supply or backup generator has been provided so that power will be adequate for orderly shut
down. Environmental controls are periodically tested. Eating, drinking, and other behavior that may
damage computer equipment is prohibited.

All data center employees have received training and understand their emergency roles and
responsibilities. Data center staff receives periodic training in emergency fire, water, and alarm
incident procedures. Emergency response procedures are documented and periodically tested.

Controls exist and are up-to-date. Routine periodic hardware preventive maintenance is scheduled and
performed in accordance with vendor specifications and in a manner that minimizes the impact on
operations. Regular and unscheduled maintenance performed is documented. Flexibility exists in the
data processing operations to accommodate regular and a reasonable amount of unscheduled
maintenance. Spare or backup hardware is used to provide a high level of system availability for
critical and sensitive applications. Goals are established by senior management on the availability of
data processing and on-line services.
Records are maintained on the actual performance in meeting service schedules.

Problems and delays encountered, the reason, and the elapsed time for resolution are recorded and
analyzed to identify recurring patterns or trends. Senior management periodically reviews and
compares the service performance achieved with the goals and surveys of user departments to see if
their needs are being met. Changes of hardware equipment and related software are scheduled to
minimize the impact on operations and users, thus allowing for adequate testing. Advance notification
on hardware changes is given to users so that service is not unexpectedly interrupted.

A contingency plan has been drafted that reflects current conditions, will be approved by key affected
groups including senior management, data center management, and program managers, clearly assigns
responsibilities for recovery, includes detailed instructions for restoring operations (both operating
system and critical applications), identifies the alternate processing facility and the backup storage
facility, includes procedures to follow when the data/service center is unable to receive or transmit
data, identifies critical data files, is detailed enough to be understood by all agency managers, includes
computer and telecommunications hardware compatible with the agency's needs, and has been
distributed to all appropriate personnel.

The plan provides for backup personnel so that it can be implemented independent of specific
individuals. User departments have developed adequate manual/peripheral processing procedures for
use until operations are restored.

Contracts or interagency agreements have been established for a backup data center and other needed
facilities that: are in a state of readiness commensurate with the risks of interrupted operations, have
sufficient processing capacity, and are likely to be available for use. Alternate telecommunication
services have been arranged.
Arrangements are planned for travel and lodging of necessary personnel, if needed.

Tests of Described Controls                                                           Results of Tests

Reviewed policies. Interviewed program, data processing, and security                 The disaster recovery plan does not
administration officials. Determined their input and their assignment of the          include completed processing priorities.
reasonableness of priorities established.                                             No other exceptions were noted.

Reviewed written policies and procedures for backing up files, test policies,         ESA reported that it does not store
documentation supporting recent tests of environmental controls, policies and         maintenance documentation at its off-site
procedures regarding employee behavior, training records, training course             location. No other exceptions were
documentation, emergency response procedures, and maintenance                         noted.
documentation.

Compared inventory records with the files maintained off-site, and determined         No exceptions were noted.
the age of these files. For a selection of critical files, located and examined the
backup files.
Determined whether backup files were created and rotated off-site\nas prescribed, and were sent before prior versions were returned.\n\nExamined the back-up storage site and the entity\'s facilities to determine that the   No exceptions were noted.\nsite is geographically removed from the primary site and protected by\nenvironmental controls and physical access controls.\n\nReviewed the contingency plan and compared its provisions with the most               The disaster recovery plan has not been\nrecent risk assessment and with a current description of automated operations.        completed or tested. A business\nInterviewed senior management, data center management, and program                    continuity plan has not been developed.\nmanagers.\n\n\n\n\n                                                              62\n\x0c                                                   SECTION 3C\n                               Information Provided by the Service Auditor\n                                     Transaction Processing Controls\n\nTransaction processing controls for compensation and medical benefit payments were tested in the\nfollowing areas:\n\n        Case Creation                                                      Accuracy of Compensation Payments\n        Initial Eligibility                                                Schedule Awards\n        File Maintenance                                                   Death Benefits\n        Continuing Eligibility - Medical Evidence                          Medical Bill Payment Processing\n        Continuing Eligibility - Earnings Information                      Third Party Settlements\n\nControl Objective 1: Case Creation - Controls provide reasonable assurance that case files were set\nup properly initially and information related to the claimant was input into the computer systems\ncorrectly.\n\nDescription of Controls:\n\nThe FECA Procedure Manual 2-401(3) and (4) contains the requirements for proper set up 
of the case
file and input into the appropriate computer systems.

The manual assigns the duties of keeping the case management file data accurate and up-to-date to the
CE. The case management file is set up by a Case Create Clerk and from this set up, a case number is
assigned and notated on the CA-1 or CA-2. The claim documents are then imaged. Accurate data in
the CMF is essential to ensure that the information used to set up the ACPS is correct. Once the
ACPS is set up for each claimant, all vital data must be updated in both the CMF and ACPS. This
data includes such items as the claimant's name, address, date of birth, social security number and
chargeback code. The CE verifies the accuracy of the information entered by the Case Create Clerk
by comparing Form CA-1, CA-2 or CA-5 completed by the claimant to the information in the CMF.

The employing agency is charged with the responsibility of providing the chargeback code on the
CA-1, CA-2, or CA-5. If the employing agency does not designate a chargeback code, the Case
Create Clerk determines which chargeback code should be applied. Once the case file is created, a
postcard is sent to the employing agency to confirm the chargeback code. A negative confirmation
process is used.

Tests of Described Controls:
For a non-statistical sample of 50 case creation items, we compared case originating forms, such as
Forms CA-1, CA-2 and CA-5, to the information contained in the CMF and ACPS to ensure that the case
origination process resulted in the proper setup of the case files (to include agency chargeback
codes) and related computer systems with current and accurate information.
Results of Tests:
One of the 50 items tested did not have the correct third party indicator. No other exceptions were
noted.

Control Objective 2: Initial Eligibility - Controls provide reasonable assurance that each participant
met the requirements of 1) time; 2) civil employee; 3) fact of injury; 4) performance of duty; and 5)
causal relationship prior to acceptance as an eligible participant.

Description of Controls:

An injured worker must satisfy five basic criteria to be eligible for compensation benefits. These
criteria are: 1) time; 2) civil employee; 3) fact of injury; 4) performance of duty; and 5) causal
relationship.

1) Time - The FECA Procedure Manual 2-801(3) contains the requirements for the filing of notice of
injury or occupational disease. A timely notice of injury must be filed for a claimant to be eligible for
compensation payments. The time period filing requirements are specified in 5 U.S.C. 8119. For
injuries on or after September 30, 1974, written notice of injury must be filed within 30 days after the
occurrence of the injury. For injuries occurring between December 7, 1940, and September 6, 1974,
written notice of the injury should be given within 48 hours. The FECA Procedure Manual 2-801(3)
also contains the requirements for filing a compensation claim. A timely compensation claim must be
filed for a claimant to be eligible for compensation payments. The time period filing requirements are
specified in 5 U.S.C. 8122.
For injuries on or after September 30, 1974, compensation claims must be
filed within 3 years after the occurrence of the injury. For injuries occurring between December 7,
1940, and September 6, 1974, compensation claims must be filed within 1 year. A few exceptions to
these requirements are allowed.

2) Civil Employee - The FECA Procedure Manual 2-802(2) and (4) contain the requirements for
determining whether an individual meets the second of the five requirements for benefits, being a civil
employee. The definition of a civil employee is in 5 U.S.C. 8101(1). Basically, status as a civil
employee is met when: a) the service performed for the reporting office by the individual was of a
character usually performed by an employee as distinguished from an independent contractor; and b)
that a contract of employment was entered into prior to the injury.

3) Fact of Injury - The FECA Procedure Manual 2-803(3)(a) contains the requirements for the "fact of
injury." The fact of injury consists of two components which must be considered in conjunction with
each other. First is whether the employee actually experienced the accident, event or other
employment factor which is alleged to have occurred; and, second is whether such accident, untoward
event or employment factor caused a personal injury.

The FECA Procedure Manual 2-803(5) contains the requirements for the evidence necessary to
establish the occurrence of an unwitnessed accident. In establishing the fact of injury for an
unwitnessed accident, OWCP should consider the surrounding circumstances.
The CE must be able to
visualize the accident and relate the effects of the accident to the injuries sustained by the injured
worker, especially where the claimant delayed seeking medical evidence.

4) Performance of Duty - The FECA Procedure Manual 2-804 contains the requirements for the
performance of duty criterion. The performance of duty criterion is considered after the questions of
"time," "civil employee," and "fact of injury" have been established. Even though an employee may
have been at a fixed place of employment at the time of injury, the injury may not have occurred in the
performance of duty. The employee is generally not covered for travel to and from work. There are
five exceptions to this rule. Statutory exclusions exist under which claims for compensation should be
denied due to the willful misconduct of the employee. These claims are denied even though the
injured worker has met the fact of injury and performance of duty requirements.

5) Causal Relationship - The FECA Procedure Manual 2-805(2) contains the requirements for
obtaining medical evidence necessary to establish a causal relationship between the injury and
employment factors. An injury or disease may be related to employment factors in any of four ways:
a) Direct Causation; b) Aggravation; c) Acceleration; or d) Precipitation.

The FECA Procedure Manual 2-807(17)(d)(2) contains the requirements for the 3-day waiting period
which is required by 5 U.S.C. 8117.
An employee is not entitled to compensation for the first 3 days
of temporary disability, except when: a) the disability exceeds 14 days; b) the disability is followed
by permanent disability; or c) claimant is undergoing medical services or vocational rehabilitation
during the 3-day period.

The CEs are required to evaluate the injury reports and supporting medical evidence submitted by
claimants. The injury reports and medical evidence must support that the claimant has met the burden
of proof with regards to the five criteria to establish initial eligibility. If the claimant has not
submitted documentation which fully supports the eligibility of the claimant, it is the CE's
responsibility to request such further information as the CE deems necessary. Once a CE concludes
that a claimant is either eligible or not eligible for benefits under the FECA program, the CE updates
the eligibility code in the CMF system. Claimants are notified of the CE's decision with regards to
eligibility.
If the claimant disagrees with the CE's decision concerning eligibility, the claimant may
request a hearing for resolution.

Tests of Described Controls:
For a non-statistical sample of 50 initial eligibility transactions, we reviewed the case file to
determine whether the notice of injury was filed timely, whether the claimant was a civil employee,
whether sufficient evidence was provided to prove the injury occurred as reported, whether
sufficient evidence was provided to prove the employee was in performance of their duties at the
time of injury, whether sufficient evidence was provided to prove the injury was causally related to
employment factors, and whether the CE accepted the condition and indicated approval of the accepted
condition in the case file.
Results of Tests:
No exceptions were noted.

Control Objective 3: File Maintenance - Controls provide reasonable assurance that claimant's
address and social security number were correct in the ACPS and the chargeback code was correct in
the CMF.

Description of Controls:

The FECA Procedure Manual 5-308(5) contains the requirements for updating the ACPS when
corrections are necessary to the claimant's address, social security number and chargeback code.
When a report of injury is first received, a record is created in the CMF. When a request is made for
compensation for lost wages, a schedule award or for death benefits, a complete case record is then
created in the ACPS. The information transferred to the ACPS for the address, social security number
and chargeback code is the information in the CMF at the time the record is created.
If any of the
information changes, both the ACPS and the CMF must be updated with the new information.

Tests of Described Controls:
For a total of 196 cases, from a sample of 146 statistically selected internal control compensation
transactions and 50 non-statistically selected initial eligibility transactions, we reviewed
documentation in the case files to ensure that the social security number, date of birth and the
address were accurate in the ACPS and CMF.
Results of Tests:
In 1 of 196 of the cases, the claimant's date of death was not updated in the ACPS. No exceptions
were noted in the non-statistical sample. No other exceptions were noted.

Tests of Described Controls:
From a total of 238 cases, for a sample of 178 statistically selected compensation transactions and
60 non-statistically selected cases, we reviewed documentation in the case files to ensure that the
chargeback code was accurate in the CMF.
Results of Tests:
No exceptions were noted.

Control Objective 4: Continuing Eligibility (Medical Evidence) - Controls provide reasonable
assurance that claimants submitted medical evidence to support continuing eligibility for
compensation and medical benefits.

Description of Controls:

The FECA Procedure Manual 2-812(6) contains the requirements for the periodic review of medical
evidence to verify continuing disability. The frequency of the medical review required depends on the
type of compensation the claimant is receiving. Some claimants are required to submit medical
evidence annually and others every 2 or 3 years.

FECA Procedure Manual 2-812(8) provides the procedures for obtaining and reviewing medical
reports. If a medical report is not received within the specified time (30-60 days is considered
reasonable), or the report does not contain the requested information, the CE should direct the
claimant to undergo examination by the attending physician or a second opinion specialist as
appropriate.
OWCP should make an appointment for the examination. The notification to the
claimant should include warning that under 5 U.S.C. 8123(d) benefits may be suspended for failure to
report for examination.

Where injury-related disability has ceased, the CE is to notify the claimant of proposed termination of
benefits. OWCP has the burden of proof to justify the termination of benefits by positive and specific
evidence that injury-related disability has ceased. The inadequacy or absence of a report in support of
continuing benefits is not sufficient to support termination, and benefits should not be suspended for
that reason.

Tests of Described Controls:
For 149 cases, from a sample of 99* statistically selected internal control compensation for lost
wage cases and 50 non-statistically selected current medical cases, 146 cases (96 statistical and 50
non-statistical) required updating of medical evidence within the past year. We reviewed medical
evidence in the case files to ensure that the current medical evidence supported the disability
status for the compensation being received.
Results of Tests:
In 15 of 96 statistically selected lost wage cases no current medical evidence was contained in the
claimant's case file. An additional non-statistical sample of 50 current medical cases was selected.
For 12 of 50 non-statistical current medical cases, medical evidence was not located within the case
file. This represents an 18% aggregate error rate in the operating effectiveness of the primary
control to ensure achievement of this control objective. No other exceptions were noted.

* A statistical sample of 99 claimants were tested for continuing eligibility controls, however, some specific tests did not
apply to all claimants due to the length of time of the claimant's injury, the date of the claim for benefits, or the claimant's
case status. Therefore, the number of tests indicated is the number of items to which tests were actually applied.

Control Objective 5: Continuing Eligibility (Earnings Information) - Controls provide reasonable
assurance that claimants submitted earnings information and authorization to obtain earnings
information from the Social Security Administration to support continuing eligibility for
compensation and medical benefits.

Description of Controls:

OWCP mails each claimant a Form CA-1032 each year. The Form CA-1032 asks the claimants to
verify the status of their dependents and report any and all earnings by the claimants. The information
reported by the claimant on Form CA-1032 is to be reviewed by a CE and the compensation rate or
amount adjusted accordingly.

The FECA Procedure Manual 2-812(6) contains the requirements for the frequency with which
claimants must complete Form CA-1032. The FECA Procedure Manual 2-812(10) contains the
requirements for changing the ACPS system when benefit changes are indicated by the claimant on
the Form CA-1032.
The ACPS system must be changed to reflect the information provided by the
claimant to ensure that benefits are being paid at the proper compensation rate and amount.

The FECA Procedure Manual 2-812(9), contains the requirements for obtaining a claimant's earnings
report from the SSA. OWCP cannot obtain earnings information from SSA without the claimant's
authorization. Obtaining earnings information is a secondary control, as the claimant is not required
to authorize the release of this information as a condition for receiving benefits. In addition, the
request to SSA is only made in selected cases. OWCP sends the claimants a CA-935, Cover Letter
and a SSA-581, Authorization to Obtain Earnings Data from the Social Security Administration
request form. Earnings may be requested from the SSA on Form CA-1036 to determine whether an
adjustment is needed to a claimant's compensation rates. A claimant's compensation rate can be
adjusted based on the information supplied by the SSA in response to Form CA-1036. The ACPS
system must be changed to reflect the information updated by the SSA to ensure that benefits are
being paid at the proper compensation rate.

Tests of Described Controls:
From a statistical sample of 130 compensation claimants (99* lost wage cases and 31 schedule award
cases), 87 cases required current eligibility verification due to the age of the case. We reviewed
the case file to determine whether a CA-1032 had been requested within the past year to verify
earnings and dependent information.
Results of Tests:
In 5 of 87 items sampled, CA-1032s had not been obtained from the claimants to verify earnings and
dependent information within the last year. No other exceptions were noted.

Tests of Described Controls:
From a statistical sample of 99* lost wage claimants, 74 cases required current earnings information
due to the age of the case. We reviewed the case file to determine whether a CA-935 and SSA-581 had
been released to the claimant to obtain earnings information from SSA in the past year.
Results of Tests:
In 21 of 74 items sampled, a release for authorization to obtain earnings information from SSA was
not in the case file. In 17 of these 21 cases, the required forms were not sent to the claimant,
three were sent to the claimant but never returned, and one was returned unsigned. No other
exceptions were noted.

Tests of Described Controls:
From a statistical sample of 99* lost wage claimants, 14 cases had SSA-581s returned from the
claimant that should have been sent to SSA for current earnings information. We reviewed the case
file to determine whether the Senior Claims Examiner had requested earnings information from SSA.
Results of Tests:
No exceptions were noted.

Tests of Described Controls:
From a statistical sample of 130 compensation claimants (99* lost wage cases and 31 schedule award
cases), 25 cases had CA-1032s or CA-1036s returned with information requiring information be updated
in the claimant's case file. We reviewed the case file to determine whether the case was updated
with the information reported on the CA-1032 or CA-1036.
Results of Tests:
No exceptions were noted.

*A statistical sample of 99 claimants were tested for continuing eligibility controls and 31 claimants were tested for
schedule awards, however, some specific tests did not apply to all claimants due to the length of time of the claimant's
injury, the date of the claim for benefits, or the claimant's case status. Therefore, the number of tests indicated is the
number of items to which tests were actually applied.

Control Objective 6: Accuracy of Compensation Payments - Controls provide reasonable assurance
that components of compensation payments including the correct compensation percentage, pay rate,
number of hours paid, verification of leave without pay status, absence of dual compensation, and
proper reimbursement of burial bills.

Description of Controls:

The FECA Procedure Manual 2-900 contains the requirements for the computation of compensation
where the injury occurred after September 12, 1960. The Branch of Claims Services is responsible for
the computation of compensation payments. The CE is responsible for determining the several factors
used in computing compensation.

The FECA Procedure Manual 2-901 contains the requirements to periodically adjust compensation
payments to reflect the increase in the cost of living. CPI adjustments are automatically calculated by
the ACPS.

Tests of Described Controls:
For a total of 278 cases, from a statistical sample of 178 substantive compensation cases and
non-statistical samples totaling 100 cases (50 initial eligibility cases and 50 multiple claim
cases), we reviewed documentation in the case files to ensure that the components comprising
compensation benefits were determined correctly.
Results of Tests:
In 6 of 178 statistically selected sample items, claimants were underpaid a net of $10,423. In 3 of
100 non-statistically selected sample items, claimants were underpaid $600. Claimants were underpaid
a net of $11,023.

The net underpayment resulted from the use of incorrect:
Payrates (8 cases)                          $(15,844)
CPI adjustment on manual payment (1 case)       4,821
Net Underpayment                            $(11,023)

Tests of Described Controls:
Of a statistical sample of 178* substantive compensation cases and 50 non-statistical cases, 30
cases had transactions whereby a single payment was in excess of $50,000. We reviewed the
transactions over $50,000 to ensure the payment was authorized by a senior official at a GS-13 or
higher.
Results of Tests:
In 2 of 30 statistically selected sample items, the payments were not authorized by a senior
official at a GS-13 or higher. No other exceptions were noted.

Tests of Described Controls:
For a non-statistical sample of 50 multiple claim cases, we reviewed the appropriateness of the
receipt of compensation for more than one injury for the same period of time (multiple claims
cases). This concurrent payment of benefits is allowable up to certain amounts and in certain
instances.
Results of Tests:
No exceptions were noted.

* A statistical sample of 178 cases and 50 non-statistical cases were tested for accuracy and proper processing of the
compensation payments.
Some specific tests did not apply to all claimants due to the test applying only to payments over
$50,000. Therefore, the number of tests indicated is the number of items to which tests were actually applied.

Control Objective 7: Schedule Awards - Controls provide reasonable assurance that claimants had
reached maximum medical improvement prior to receipt of a schedule award, medical evidence was
obtained, and medical evidence stated the percentage of impairment.

Description of Controls:

The FECA Procedure Manual 2-808(6) contains the requirements for supporting a schedule award.
The file must contain competent medical evidence which: 1) shows that the impairment has reached
maximum medical improvement and indicates the date on which this occurred; 2) describes the
impairment in sufficient detail for the CE to visualize the character and degree of disability; and 3)
gives a percentage evaluation of the impairment. DMAs calculate the percentage of impairment for
the schedule award.

Tests of Described Controls:
From the statistical sample of 178 compensation items, 31 items were for schedule awards, we
reviewed documentation in the case files to ensure that claimants receiving compensation for
schedule awards had medical evidence in the case files that supported their impairment or
disability.
Results of Tests:
No exceptions were noted.

Control Objective 8: Death Benefits - Controls provide reasonable assurance that proper notification
of death was made; if the DMA requested an autopsy, if needed; if a death certificate was obtained; if
burial bills were obtained; and if dependent information for death benefits was verified.
For
continuing eligibility of death benefits, controls provide reasonable assurance that claimant is still
eligible to receive death benefits.

Description of Controls:

The FECA Procedure Manual 2-700(5) contains the requirements for proper and supporting
documentation for the establishment of death claims and rights of the beneficiary. Some of the
documents that claimants must submit are: 1) death certificates; 2) names and addresses of next of kin;
3) marriage certificates (civil certificates); 4) birth certificates for each child; 5) divorce, dissolution,
or death certificates for prior marriages; and 6) itemized burial bills, receipted, if paid.

FECA PM 2-700-17 contains the requirements for periodic review of death benefits. Form CA-12
Claim for Continuation of Compensation, is sent annually to all recipients of death benefits. If the
form has not been returned within 60 days of release, the CE should send a follow-up request for
completion. Upon receipt of the form, the CE should check for change of address, marital status, and
financial dependency status.
The CE should take the necessary actions as outlined in this section.

For children, grandchildren, and siblings receiving death benefits, Form CA-1615 should be released
to the guardian three months before the child reaches the age of 18 to determine continuing
entitlement to compensation on the basis that the child is a student or is incapable of self-support.

Tests of Described Controls:
From the statistical sample of 178 compensation items, 16 items were for death benefits, we reviewed
documentation in the case files to ensure that the beneficiaries receiving compensation for death
benefits had documentation in the case files that established their right as the beneficiaries and
their eligibility for continuing compensation.
Results of Tests:
In 4 of 16 items sampled, a current CA-12 or CA-1615 had not been obtained from the beneficiaries to
verify marital status and dependent information within the last year. Two of the 4 errors were due
to changes of address by the claimants. No other exceptions were noted.

Control Objective 9: Medical Bill Payment Processing - Controls provide reasonable assurance that
medical bill payments were properly authorized, approved, input, and reviewed, as required.

Description of Controls:

The FECA Procedure Manual Part 5 provides detailed instructions for use of the BPS:

        Section 200 provides an overview of the system, describes the flow of bills through the office,
        outlines authorities and responsibilities, describes sources of information to be used in bill
        adjudication, and outlines procedures for some functions which support the BPS.

        Section 201 describes keying instructions for the various BPS programs that are available to
        general users, such as CEs, fiscal personnel, keyers and contact representatives.

        Section 202 describes the different BPS jobs which must be run and how to run them. These
        activities are generally carried out by the Systems Manager or operator.

        Section 203 describes the coding schemes used by the BPS.

        Section 204 describes the general rules which underlie bill adjudication.

        Section 205 describes how suspended bills should be resolved.

        Section 206 describes how informal appeals of Explanation of Benefits denial letters and
        formal appeals of fee schedule determinations should be processed.

        Section 207 describes the various BPS reports available, their uses, and how to run them.

Tests of Described Controls:
For a statistical sample of 238 substantive medical bill payments, we reviewed the medical bill
payments to ensure that the payments were: correctly entered into the BPS; contained all information
for proper adjudication; were not paid in excess of district established limits without proper
approval by authorized personnel; discounts were taken, if offered; and, were for services
considered proper charges against the Special Benefit Fund.
Results of Tests:
In 5 of 238 statistically selected medical bills tested, medical providers were overpaid $61,653.

The overpayment resulted from:
1 Incorrect keying of Dates of Service           $30,087
1 Incorrect keying of Provider Type               17,521
1 Discount offered, not taken                     10,336
1 Incorrect keying of Procedure Code               3,563
1 Fee Schedule Exceeded                              146
Overpayment                                      $61,653

Tests of Described Controls:
For a statistical sample of 118 internal control medical bill transactions, we reviewed the payments
to ensure that payments were not paid in excess of district established limits without proper
approval by authorized personnel.
Results of Tests:
Thirteen of the 118 internal control transactions required additional authorization because they
were over the district established threshold. Two of these 13 transactions did not have the proper
authorization.

Tests of Described Controls:
For a statistical sample of 118 internal control medical bill transactions, we reviewed case files
to ensure that: a medical report was submitted for the services provided; surgery or equipment was
approved prior to payment of a medical bill, when required; and, that the medical services rendered
related to the accepted condition.
Results of Tests:
No exceptions were noted.

Tests of Described Controls:
For a statistical sample of 118 internal control medical bill transactions, 44 transactions were
subject to the Prompt Payment Act. We reviewed bills that were subject to the Prompt Payment Act to
ensure the bills were paid within 45 days or interest was paid if the bill was paid after 45 days.
Results of Tests:
No exceptions were noted.

Control Objective 10: Third Party Settlements - Controls provide reasonable assurance that third
party settlements are identified, tracked, and collected.

Description of Controls:

The FECA Procedure Manual 2-1100 outlines the procedures for processing third party cases:

        Sections (2) and (3) define authorities and responsibilities involved with third party cases.

        Section (4) describes the letters, forms and status codes used to process and track the progress
        of third party cases.

        Section (5) defines a minor injury.

        Section (7) provides instructions for third party case development by key personnel, such as
        CEs and DCE's.

        Section (8) provides instructions to close out third party cases that are not economical to
        pursue or that would not be successful with further efforts.

        Section (9) lists certain third party cases that are not to be closed by the
DCE and should be\n        sent to the appropriate Office of the Solicitor.\n\n        Section (10) provides instructions for handling settlement cases where the injury is "minor" and\n        the claimant is negotiating or has made a settlement without the benefit of an attorney.\n\n        Section (11) provides instructions for the referral of third party cases to the SOL.\n\n        Section (13) provides instructions for when a settlement has been made or is imminent in third\n        party cases referred to the SOL.\n\n Tests of Described Controls:                                     Results of Tests:\n\n From a non-statistical sample of 50* third party cases, 15       In all 15 cases, a CA \xe2\x80\x93 1045 was sent to the claimant. In 9\n cases required case originating correspondence during the        of the 15 cases, no response was received to the CA-1045\n current year. We reviewed these cases to determine               within 30 days. In 2 of the 9 cases, neither a second\n whether the Letter CA-1045, which requests information           request nor a letter to the EA for assistance was completed.\n from the claimant regarding the action taken against a third     No other exceptions were noted.\n party by the claimant, including the hiring of an attorney,\n was released to the claimant, when necessary, and that the\n proper follow-up actions were conducted when the\n claimant did not reply within 30 days.\n\n From a non-statistical sample of 50* third party cases, 2        No exceptions were noted.\n cases required correspondence with the claimant\xe2\x80\x99s\n attorneys during the prior year. We determined whether\n the appropriate forms were released to the attorneys of\n claimants involved in third party cases.\n\n From a non-statistical sample of 50* third party cases, 2        No exceptions were noted.\n cases required referral to the SOL due to the nature of the\n third party aspect of the case. 
We determined whether the\n third party cases were referred to the SOL, when required\n and the appropriate actions were taken to track, monitor\n and resolve third party cases through the SOL.\n\n*A non-statistical sample of 50 third party cases was tested for third party processing. Some specific tests did not apply to\nall claimants as only the actions to be taken on the case during the year were tested. Therefore, the number of tests\nindicated is the number of items to which tests were actually applied.\n\n\n\n\n                                                             73\n\x0c'